sl ocularOcular shell starts up and looks like this:
Chetan Conikee conikeec
conikeec
/ gist:3add411dd83a3b4b898e41a284c99592
Last active
May 18, 2024 13:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| from typing import List | |
| import dspy | |
| from dotenv import load_dotenv | |
| from dspy.functional import TypedPredictor | |
| from pydantic import BaseModel, Field | |
| load_dotenv() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Imagine you have an online store that's built using the Java programming language. Your developers used a popular library called Jackson to handle customer data, like names and addresses. Jackson is usually safe, but it has a hidden danger - under certain settings, hackers can sneak in malicious code along with regular customer information. If you're not careful, that hacker code will run on your servers, letting criminals take over your whole website! | |
| Here's the scary part - turning on this dangerous setting is as easy as adding one line of code to your Java application. It's called "enableDefaultTyping" and it tells Jackson to accept any kind of data, even if it might be dangerous. A lot of other Java applications use Jackson too, and many of them had this risky setting turned on without realizing it. | |
| If hackers successfully exploit this flaw in your online store, they could do all sorts of nasty things - steal your customers' private information, vandalize your website, or even use your servers to attack |
conikeec
/ Recipe for demo
Last active
April 23, 2024 01:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Preparatory Steps (Only needs to be done once!) | |
| ------------------------------------------------- | |
| 1. Install Java | |
| ----------- | |
| (MAC) https://tejaksha-k.medium.com/a-step-by-step-guide-to-installing-java-on-macos-5188bfdf99d7 | |
| (WIN) https://www.java.com/download/ie_manual.jsp | |
| 2. Install Maven | |
| ----------- |
conikeec
/ gist:236f3091a02b02a64c78e736fe612520
Created
April 19, 2024 18:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Build the project | |
| # spin up a shell prompt | |
| git clone https://github.com/conikeec/jackspoilt.git | |
| cd jackspoilt | |
| # compile and package | |
| mvn clean package | |
| # verify if gadgets are avaliable to exploit (refer blog) |
conikeec
/ chetan.json
Last active
March 19, 2024 19:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "public_identifier": "conikee", | |
| "profile_pic_url": "https://s3.us-west-000.backblazeb2.com/proxycurl/person/conikee/profile?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=0004d7f56a0400b0000000001%2F20240319%2Fus-west-000%2Fs3%2Faws4_request&X-Amz-Date=20240319T185441Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=cf3cf67132f6d8abba1f6bfba67f9bc24db6986b4e117f1993b1c588de3b1775", | |
| "background_cover_image_url": null, | |
| "first_name": "Chetan", | |
| "last_name": "Conikee", | |
| "full_name": "Chetan Conikee", | |
| "follower_count": 1618, | |
| "occupation": "Founder and CTO at Qwiet", | |
| "headline": "Founder and Chief Technology Officer at Qwiet.ai, Seed Investor", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static Assembly Compile(string[] sources, bool isDebug, string tempDir, params AssemblyName[] referencedAssemblies) | |
| { | |
| var assemblyFileName = tempDir + "gen" + Guid.NewGuid().ToString().Replace("-", "") + ".dll"; | |
| var assemblyPath = Path.GetFullPath(assemblyFileName); | |
| var compilation = Compilation.Create(assemblyFileName, | |
| new CompilationOptions(OutputKind.DynamicallyLinkedLibrary)) | |
| .AddSyntaxTrees(from source in sources | |
| select SyntaxTree.ParseCompilationUnit(source)) | |
| .AddReferences(from ass in referencedAssemblies |
conikeec
/ CodeDom.cs
Created
January 3, 2021 06:07
Example of a CodeDom (predates Roslyn) based meta program
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static Assembly Compile(string[] sources, bool isDebug, string tempDir, params AssemblyName[] referencedAssemblies) | |
| { | |
| var codeProvider = new CSharpCodeProvider(new Dictionary<string, string> {{"CompilerVersion", "v4.0"}}); | |
| var assemblyReferences = new[] | |
| { | |
| "System.dll", | |
| "System.Core.dll", | |
| "mscorlib.dll" | |
| } |
conikeec
/ CVE-2020–15957.md
Last active
August 6, 2020 21:04
conikeec
/ taint_flow.scala
Created
April 24, 2020 05:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //enumerate all routes from attack surface script | |
| val attackerControlledSource = cpg.method.filter(_.annotations.name("@RequestParameter").contains("userName")).parameter | |
| // determine all security sensitive functions | |
| val vulnerableSink = cpg.method.name("find*byUserName*").parameter | |
| //conduct reachibility analysis from attacker controlled vectors to all security sensitive functions | |
| if (vulnerableSink.reachableBy.attackerControlledSource.flows.exist) { | |
| println("Authentication Bypass Found!") | |
| } |
conikeec
/ AuthenticalModel.scala
Created
April 24, 2020 05:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.nio.charset.StandardCharsets._ | |
| import java.nio.file.{Files, Paths} | |
| import io.shiftleft.passes.{CpgPass, DiffGraph} | |
| import io.shiftleft.codepropertygraph.Cpg | |
| import scala.collection.mutable.ListBuffer | |
| case class Coordinates(name : String, fileName : String, linenumber : String) | |
| implicit val coordinatesRW = upickle.default.macroRW[Coordinates] | |
| case class Results(verifyingFunction : String, |
NewerOlder