Jaime Peñalba jpenalbae
| #include "CertInjector.h" | |
| #include "MinHook.h" | |
| #include <string> | |
| #include <unordered_set> | |
| #define COUNT_OF(arr) (sizeof(arr) / sizeof(*arr)) | |
| // #define PRINT_DEBUG |
| #!/usr/bin/env python3 | |
| import usb.core | |
| import struct | |
| from collections import namedtuple | |
| APPLE_VID = 0x05ac | |
| Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"]) |
| // Brandon Azad (@_bazad) | |
| #include <assert.h> | |
| #include <errno.h> | |
| #include <mach/mach.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> |
Hi guys! Since I started to write Bluebox-ng I've been tracking the different security projects I found written in Node.js. Now we've published the first stable version we think it's the right moment to speak among us (and, of course, everyone interested in it :).
- I think we're rewriting the same stuff in our respective projects again and again. For example, almost any tool supports IPv6 because the functions we need are still not present in the Node core and the libraries I found (IMHO) were not enough.
- There're different projects implementing exactly the same thing, ie: port scanners.
- We're working in a too new environment, so we need to make it together.
radare2 is a very cool set of tools that you probably don't know how to use! Let's go through a simple exploit CTF challenge to understand how to use it for exploit development.
We'll be focusing on "ropasaurus rex" which is a simple challenge from Plaid CTF After checking out the latest and greatest radare from git, let's get started!
Open up ropasaurusrex in r2 and call analyze on the binary. We can list the functions with "afl"
THIS GIST WAS MOVED TO TERMSTANDARD/COLORS REPOSITORY.
PLEASE ASK YOUR QUESTIONS OR ADD ANY SUGGESTIONS AS A REPOSITORY ISSUES OR PULL REQUESTS INSTEAD!