Dockerfile:
# Build stage on 32-bit (i386) Alpine 3.18, named "build-env".
# NOTE(review): the 3.18 tag is mutable; pinning it by digest
# (i386/alpine:3.18@sha256:<digest>) would make the build reproducible and
# protect against the upstream image changing underneath it.
FROM i386/alpine:3.18 AS build-env

# Paths consumed by the build. Presumably LTRACE_DIR and LIBELF_DIR are the
# source trees and BUILD_PREFIX the install prefix; confirm against the steps
# that follow.
ENV LTRACE_DIR=/build/ltrace \
    LIBELF_DIR=/build/libelf \
    BUILD_PREFIX=/usr/local
# Install tools and dependencies
Dockerfile:
# Build stage on 32-bit (i386) Alpine 3.18, named "build-env".
# NOTE(review): the 3.18 tag is mutable; pinning it by digest
# (i386/alpine:3.18@sha256:<digest>) would make the build reproducible and
# protect against the upstream image changing underneath it.
FROM i386/alpine:3.18 AS build-env

# Paths consumed by the build. Presumably LTRACE_DIR and LIBELF_DIR are the
# source trees and BUILD_PREFIX the install prefix; confirm against the steps
# that follow.
ENV LTRACE_DIR=/build/ltrace \
    LIBELF_DIR=/build/libelf \
    BUILD_PREFIX=/usr/local
# Install tools and dependencies
| https://github.com/eclipse-ee4j/jersey/blob/2.x/core-common/src/main/java/org/glassfish/jersey/uri/UriComponent.java#L705 |
| bypassSecurityTrustHtml | |
| bypassSecurityTrustStyle | |
| bypassSecurityTrustScript | |
| bypassSecurityTrustUrl | |
| bypassSecurityTrustResourceUrl | |
| innerHTML | |
| outerHTML | |
| insertAdjacentHTML | |
| document.write | |
| eval( |
| import sys | |
| # Define the access rights and their corresponding bit values | |
| ACCESS_RIGHTS = { | |
| "DELETE": 0x00010000, | |
| "READ_CONTROL": 0x00020000, | |
| "WRITE_DAC": 0x00040000, | |
| "WRITE_OWNER": 0x00080000, | |
| "SYNCHRONIZE": 0x00100000, | |
| "KEY_QUERY_VALUE": 0x00000001, |
| import idc | |
| import idaapi | |
| import ida_hexrays | |
| import idautils | |
| from functools import lru_cache | |
| import time | |
| class NodeMetadata: |
| fmt = '%(asctime)s | %(levelname)3s | [%(filename)s:%(lineno)3d] %(funcName)s() | %(message)s' | |
| datefmt = '%Y-%m-%d %H:%M:%S' # Date format without milliseconds | |
| class CustomFormatter(logging.Formatter): | |
| COLOR_CODES = { | |
| 'DEBUG': '\033[36m', # Cyan | |
| 'INFO': '\033[35m', # Magenta | |
| 'WARNING': '\033[33m', # Yellow | |
| 'ERROR': '\033[31m', # Red |
| New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Force | Out-Null; New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoRebootWithLoggedOnUsers" -Value 1 -PropertyType DWORD -Force | |
| Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUPowerManagement" -Type DWord -Value 0 |
| ''' | |
| This IDAPython script automates the following operations to find x64 vulnerable kernel drivers with firmware access. | |
| * Triage | |
| 1. Identify IOCTL handlers in WDM/WDF drivers | |
| 2. Find execution paths from the handlers to the target API (MmMapIoSpace*) and instructions (IN/OUT) | |
| * Analysis | |
| 1. Fix union fields for IOCTL in the handlers and subroutines | |
| 2. Propagate function argument names/types in subroutines recursively to decide if input/output can be controlled |
| import ida_kernwin | |
| import ida_hexrays | |
| class MyRightClickHandler(ida_kernwin.action_handler_t): | |
| def __init__(self): | |
| ida_kernwin.action_handler_t.__init__(self) | |
| def activate(self, ctx): | |
| # Get the current decompiled function | |
| vu = ida_hexrays.get_widget_vdui(ctx.widget) |