xerpi

https://github.com/xerpi/GhidraVitaLoader

irsdl

<%@ Page Language="C#" %>
<%
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/
Response.Write("<br/><hr/>");
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{});
if(autoGenKeyV4!=null)
	Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty));
Response.Write("<br/>");
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{});
if(autoGenKey!=null)

Omar-Ikram

//
//  main.m
//  EndpointSecurityDemo
//
//  Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t)
//  Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h)
//  Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583)
//  Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69)
//  Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241)
//  Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h)

jakeajames

<pre id="logs"></pre>

<script>
// utilities

let arr = new Uint32Array(2);
let arr64 = new Float64Array(arr.buffer); // use same buffer

function floatToInt(float) {
	arr64[0] = float;

thetlk

let ab = new ArrayBuffer(8);
let fv = new Float64Array(ab);
let dv = new BigUint64Array(ab);

let f2i = (f) => {
  fv[0] = f;
  return dv[0];
}

littlelailo

This bug was also called moonshine in the beginning
Basically the following bug is present in all bootroms I have looked at:
1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output
2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code
3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer
4. it then returns wLength which is the length it wants to recieve into the buffer
5. the usb main code then updates a global var with the length and gets ready to recieve the data packages
6. if a data package is recieved it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were recieved already
7. if all the data was recieved th

saelo

|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|

The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a

wbenny

//
// NtContinueEx is now used by ntdll!KiUserApcDispatcher.
// The KCONTINUE_ARGUMENT structure is built in the KiInitializeUserApc
// function.
//

typedef enum _KCONTINUE_TYPE
{
  KCONTINUE_UNWIND,
  KCONTINUE_RESUME,

enigma0x3

$rpc = ls C:\Windows\System32\*.exe, C:\Windows\System32\*.dll |Get-RpcServer -DbgHelpPath "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll"

 foreach ($rpc1 in $rpc)
{
    $ourObject = New-Object -TypeName psobject 
    $ourObject | Add-Member -MemberType NoteProperty -Name InterfaceID -Value $rpc1.InterfaceID
    $ourObject | Add-Member -MemberType NoteProperty -Name FileName -Value $rpc1.Name
    $ourObject | Add-Member -MemberType NoteProperty -Name IsRunning -Value $rpc1.IsServiceRunning
    $ourObject | Add-Member -MemberType NoteProperty -Name EndpointCount -Value $rpc1.EndpointCount
    $procs = $rpc1.Procedures.Name  | Out-String

ykoster

<#
 .Synopsis
  This module exploits a path traversal vulnerability in vpndownloader.exe of the Cisco AnyConnect client for Windows

 .Description
  This module exploits a path traversal vulnerability in vpndownloader.exe of the Cisco AnyConnect client for Windows.
  When the -Command argument isn't provided a DLL is created at C:\Program Files\Common Files\microsoft shared\ink\HID.dll.

  This DLL is used by the On-Screen Keyboard (osk.exe) of Windows, which is exposed on the login/lock screen.
  Opening the On-Screen Keyboard on this screen will run our DLL with LocalSystem privileges.