
#if false
throw null;
#else
#endif
unsafe get @event(ref string @as, byte? @throw = sizeof(double))
{
lock(typeof(get)) {}
try
@tothi
tothi / certifried_with_krbrelayup.md
Last active December 18, 2024 19:47
Certifried combined with KrbRelayUp: non-privileged domain user to Domain Admin without adding/pre-owning computer accounts

Certifried combined with KrbRelayUp

Certifried (CVE-2022-26923) gives Domain Admin from a non-privileged user, with the requirement of adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. The combination of these two: a non-privileged domain user escalating to Domain Admin without the requirement of adding/owning computer accounts.

The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.

Prerequisites:

using System.IO.Pipelines;
using System.Net;
using System.Net.Security;
using Microsoft.AspNetCore.Connections;
using Microsoft.AspNetCore.Connections.Features;
using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.Server.Kestrel.Core;
var builder = WebApplication.CreateBuilder(args);
// Detection sequence: correlates three events on the same host (host.id)
// that all occur within one minute (maxspan=1m). The archiver GUI binaries
// matched are 7zG.exe and WinRAR.exe.
// NOTE(review): the apparent intent is to catch a program launched from a
// password-protected archive — confirm with the rule author.
// NOTE(review): matching on process.name alone misses a renamed archiver
// binary; consider also matching process.pe.original_file_name if the data
// source populates it.
sequence by host.id with maxspan=1m
// Step 1: an archiver process event whose arguments do not contain "a"
// ("a" is the add-to-archive command in the 7-Zip and WinRAR command lines),
// so archive-creation runs are excluded. Joined on process.pid.
[process where process.name : ("7zG.exe", "WinRAR.exe") and not process.args : "a"] by process.pid
// Step 2: the same pid produces a registry event on a value named
// "ShowPassword" with data "0". Presumably this is written when the password
// dialog is used with the password masked — TODO confirm for both tools.
[registry where process.name : ("7zG.exe", "WinRAR.exe") and registry.value : "ShowPassword" and registry.data.strings : "0"] by process.pid
// Step 3: a process start whose parent is the archiver; joined on
// process.parent.pid so the child belongs to the process from steps 1 and 2.
[process where event.action == "start" and process.parent.name : ("7zG.exe", "WinRAR.exe")] by process.parent.pid
@ogxd
ogxd / StringConcatenationExtensions.cs
Created March 28, 2022 16:48
Fast String Concatenation (better than StringBuilder when it can apply)
using System;
using System.Collections.Generic;
namespace System;
public static class StringConcatenationExtensions
{
/// <summary>
/// Concatenates strings with minimal allocations and good performance.
/// (only the end result string is allocated)
using BenchmarkDotNet.Attributes;
using BenchmarkDotNet.Engines;
using BenchmarkDotNet.Running;
using System.Text;
BenchmarkRunner.Run<Benchmarks>();
[MemoryDiagnoser]
public class Benchmarks
{
@artem-mangilev
artem-mangilev / json-to-map.ts
Last active March 23, 2022 10:01
JSON -> Map
// const { performance } = require('perf_hooks'); // for node.js
function map(strings, ...values) {
const innerMapsMap = new Map<string, Map<any, any>>();
let str = ''
strings.forEach((string, i) => {
if (values[i] instanceof Map)
{
const key = `__innerMap_${performance.now()}`
@LewisJEllis
LewisJEllis / getRelativeTimeString.ts
Last active November 8, 2024 00:35
Simplified getRelativeTimeString
// from https://twitter.com/Steve8708/status/1504131981444980739
// simplified to a function body of 8 tidy lines
// no loop needed, no 2d array of 3-tuples needed
// just 2 arrays, a findIndex call, and some indexing :)
export function getRelativeTimeString(
date: Date | number,
lang = "en"
): string {
const timeMs = typeof date === "number" ? date : date.getTime();
const minute = 60;
const hour = minute * 60;
const day = hour * 24;
const week = day * 7;
const month = day * 30;
const year = day * 365;
/**
* Convert a date to a relative time string, such as
* "a minute ago", "in 2 hours", "yesterday", "3 months ago", etc.
@DavidWells
DavidWells / github-proxy-client.js
Last active March 3, 2025 17:47
Full Github REST api in 34 lines of code
/* Ultra lightweight Github REST Client */
// original inspiration via https://gist.github.com/v1vendi/75d5e5dad7a2d1ef3fcb48234e4528cb
// Placeholder credential: substitute a real token at runtime (environment
// variable or secret store) rather than committing it to source control.
// Anything that can read this file or its history can read the literal.
const token = 'github-token-here'
// Builds the client against the GitHub API base URL with default headers.
// generateAPI is not visible in this excerpt; presumably it attaches these
// headers to every request — confirm against its definition.
const githubClient = generateAPI('https://api.github.com', {
  headers: {
    // GitHub's REST API rejects requests that carry no User-Agent header.
    'User-Agent': 'xyz',
    // The token is sent as a bearer credential, so the client should only be
    // pointed at an https:// base URL, and these headers should be kept out
    // of logs and error reports.
    'Authorization': `bearer ${token}`
  }
})