Skip to content

Instantly share code, notes, and snippets.

View klmitchell2's full-sized avatar
🎯
Focusing

Kevin Mitchell Jr klmitchell2

🎯
Focusing
View GitHub Profile
@thesamesam
thesamesam / xz-backdoor.md
Last active November 17, 2024 13:13
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@LinusHenze
LinusHenze / iOS_16_Launch_Constraints.txt
Created June 15, 2022 16:30
Description of the Launch Constraints introduced in iOS 16
iOS 16 introduced launch constraints, which can be used to constraint the launch of an application.
There are three types of constraints:
Self Constraints, which the launched application itself must meet
Parent Constraints, which the parent process must meet
Responsible Constraints, which the "responsible process" must meet (I assume that the responsible process is the process that asked launchd to launch a service)
Additionally, the TrustCache format was updated (see below) to support assigning each binary a "Constraint Category", which forces Self and Parent Constraints.
Note that Self, Parent and Responsible Constraints can also be set by the process performing the launch and they can be included in the code signature, in the new blob type 0xFADE8181. In both cases, the constraints are DER encoded (just like the DER entitlements).
Constraint Categories (from TrustCache, new in version 2):
@osfunapps
osfunapps / apple_device_connection_helper.command
Last active June 3, 2024 15:22
Just connect your device and run this command, it will connect until a fully steady connection achieved
# removefrom quarantine:
# sudo xattr -rd com.apple.quarantine "/Users/home/Programming/Python/projects/ToolBoxPy/src/linux/connectPhone.command"
# This small script meant to save Apple users the hassle of resetting/disconnecting and connecting an Apple device, again and again, until a steady connection.
# Just connect your device and run this command, it will reconnect the device until a steady connection
# set here the sensitivity of the checks. I fount it best to use these props
MAX_PASSED_CHECKS=50
TIMEOUT_BETWEEN_CHECKS=0.3 # in secs
TIMEOUT_AFTER_EACH_USB_RESET=4 # in secs
@widdowquinn
widdowquinn / kali_osx_persistence_wifi.md
Last active November 16, 2024 00:55
Kali Linux Live USB with persistence and wireless on Macbook Pro

Kali Linux Bootable USB with Persistence and Wireless on OSX

Download the appropriate Kali Linux .iso

I used a 64 bit .iso image, downloaded via HTTP. I downloaded the amd64 weekly version, as the pool linux headers (needed below for installation of wireless drivers) were ahead of the stable release kernel.

Download the SHA256SUMS and SHA256SUMS.gpg files from the same location.

@cmoulton
cmoulton / URLSession Calls in Swift 4
Last active December 18, 2023 02:31
URLSession Calls in Swift 4
func makeGetCall() {
// Set up the URL request
let todoEndpoint: String = "https://jsonplaceholder.typicode.com/todos/1"
guard let url = URL(string: todoEndpoint) else {
print("Error: cannot create URL")
return
}
let urlRequest = URLRequest(url: url)
// set up the session
@0xmachos
0xmachos / Keychain.md
Last active October 10, 2024 11:32
Useful resources for working with iOS/ macOS Keychain API

Keychain API

kSecAttrAccessible Mapping

Protection Domain (pdmn) Keychain Accessibility Values
ck kSecAttrAccessibleAfterFirstUnlock
cku kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
dk kSecAttrAccessibleAlways
akpu kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly
@daniel-rueda
daniel-rueda / CertificatePinningURLSessionDelegate.swift
Last active April 5, 2024 05:52
Certificate and Public Key Pinning for URLSession using Swift
// Based on https://code.tutsplus.com/articles/securing-communications-on-ios--cms-28529
import Foundation
import Security
struct Certificate {
let certificate: SecCertificate
let data: Data
}
@mminer
mminer / MyService.swift
Last active April 23, 2024 23:00
Components of XPC service.
import Foundation
class MyService: NSObject, MyServiceProtocol {
func upperCaseString(_ string: String, withReply reply: @escaping (String) -> Void) {
let response = string.uppercased()
reply(response)
}
}
@DejanEnspyra
DejanEnspyra / Obfuscator.swift
Created May 31, 2017 17:51
Obfuscation of hard-coded security-sensitive strings.
//
// Obfuscator.swift
//
// Created by Dejan Atanasov on 2017-05-31.
//
import Foundation
class Obfuscator: AnyObject {
@dfrib
dfrib / DictionaryKeyPath.swift
Last active April 14, 2023 12:45
Swift: Reading and writing to (possible) nested dictionaries for a given key path, using a recursive approach
// For details, see
// http://stackoverflow.com/questions/40261857/remove-nested-key-from-dictionary
import Foundation
extension Dictionary {
subscript(keyPath keyPath: String) -> Any? {
get {
guard let keyPath = Dictionary.keyPathKeys(forKeyPath: keyPath)
else { return nil }
return getValue(forKeyPath: keyPath)