Robin Bradshaw en4rab

@hackermondev
hackermondev / zendesk.md
Last active April 2, 2025 13:39
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@Hyedryn
Hyedryn / AMI_BIOS_SHA256.md
Last active February 23, 2025 09:54
Recovering the BIOS password from an Asus VivoBook (AMI UEFI)

Recovering the BIOS Password from an Asus VivoBook (AMI UEFI)

This tutorial provides a step-by-step guide to recover the BIOS password from an Asus VivoBook using a memory dump.

Prerequisites

  1. Memory Dump: Obtain the memory dump of the BIOS using either a software method (as shown in the following writeup) or a hardware programmer.
  2. Hashcat: Ensure you have Hashcat installed for brute-forcing the password.

Obtaining the Memory Dump

@ngregoire
ngregoire / README.txt
Last active January 25, 2025 15:07
Matplot script used to generate timelines
The script requires Python3 and the packages `numpy`, `pandas` and `matplotlib`.
It accepts an input file compatible with Mermaid (cf `bb.data`) and generates a PNG file.
The tag `<br/>` is supported, so that a label can be displayed on several lines.
I use the font `Humor Sans`, that can be installed via `apt install fonts-humor-sans`.
@natmchugh
natmchugh / copying-Paxton-fobs.md
Last active March 30, 2025 17:18
How to copy, read and write Paxton fobs and cards with an RFIDler

A newer version of this info is available at https://badcfe.org/how-to-paxton-with-rfidler/

Paxton fobs and readers are popular in the UK, especially the Net2 system, where the fobs look like this with a blue ring: Paxton Fob

Paxton readers often look like this:

Paxton Reader

@mallardduck
mallardduck / script.sh
Last active January 14, 2025 19:09
How to unpack and modify/customize the initrd (using zstd compression)
export LANG=C
TMP=`mktemp -d`
umask 022
mkdir -p $TMP/earlycpio
mkdir $TMP/initramfs
umask 077
cd $TMP/earlycpio
@hinchley
hinchley / UserWritableLocations.ps1
Created September 12, 2016 09:35
A PowerShell script for identifying user-writable folders. Usage is discussed in the following article: http://hinchley.net/2016/06/13/an-approach-for-managing-microsoft-applocker-policies/
# Paths that we've already excluded via AppLocker.
$exclusions = @()
# Paths to process.
$paths = @(
"C:\Windows"
)
# Setup log.
$log = "$PSScriptRoot\UserWritableLocations.log"
@phrawzty
phrawzty / 2serv.py
Last active January 16, 2025 08:46
simple python http server to dump request headers
#!/usr/bin/env python2
import SimpleHTTPServer
import SocketServer
import logging
PORT = 8000
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
@ekarulf
ekarulf / code128.py
Created November 16, 2010 04:25
Code128 Python Generator (Uses PIL)
#!/usr/bin/env python
# Copyright (c) 2010 Erik Karulf ([email protected])
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR