richinseattle

Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ http://fuzzing.io; hacking the planet since 1995; Undercurrents BOFH

266 followers · 27 following

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

richinseattle / grsec-debian-digitalocean.md

Created November 3, 2015 15:25 — forked from ageis/grsec-debian-digitalocean.md

Building a grsec-patched Linux kernel for Debian 8 and DigitalOcean

It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.

We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".

Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.2.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.

Install dependencies:

richinseattle / windows10qemu.sh

Created May 20, 2017 01:41 — forked from Manouchehri/windows10qemu.sh

Running Windows 10 in a UEFI enabled QEMU environment with KVM.

	# Installing
	qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 2048 -cdrom ~/Downloads/Win10_English_x64.iso -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -drive file=~/Downloads/virtio-win-0.1.105.iso,index=1,media=cdrom

	# Running
	qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 4096 -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -usbdevice tablet -rtc base=utc

richinseattle / smbloris.c

Created August 3, 2017 21:11 — forked from marcan/smbloris.c

SMBLoris attack proof of concept

	/* SMBLoris attack proof-of-concept
	*
	* Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
	*
	* Licensed under the terms of the 2-clause BSD license.
	*
	* This is a proof of concept of a publicly disclosed vulnerability.
	* Please do not go around randomly DoSing people with it.
	*
	* Tips: do not use your local IP as source, or if you do, use iptables to block

richinseattle / CVE-2012-nvidia-root.c

Last active August 3, 2017 21:19 — forked from zyxar/nvidia.c

nvidia bomb?

	/* Anonymous
	*
	* How to use: sudo rm -rf /
	*
	* greetz: djrbliss, kad, Ac1dB1tch3z, nVidia!
	*
	* Only complete fix patch nvidia drivers and redefine
	* IS_BLACKLISTED_REG_OFFSET:

	#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) 1

richinseattle / web-servers.md

Created November 12, 2017 12:00 — forked from willurd/web-servers.md

Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000

richinseattle / install-api.py

Created December 4, 2017 00:22 — forked from withzombies/install-api.py

Install the Binary Ninja Python API

	#!/usr/bin/env python

	import os
	import sys
	import os.path
	import site

	try:
	import binaryninja
	print "Binary Ninja API Installed"

richinseattle / TrustedHashes.csv

Created December 22, 2017 00:48 — forked from mattifestation/TrustedHashes.csv

All catalog hashes extracted from a mounted install.wim from en_windows_10_multi-edition_vl_version_1709_updated_sept_2017_x64_dvd_100090741.iso

We can't make this file beautiful and searchable because it's too large.

	"Algorithm","Hash","CatalogPath","Hint"
	"SHA256","71A0AEC9941BA21780C3BED570AEAF3BC5B9473BB6662F7CAF194F33C0E1B918","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",
	"SHA256","F5EEEC38876E48617643A9E735A30B9EC3D08D77075CD81F239A15626E3F7DD5","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",
	"SHA256","4BA33EC224E42FC929BA6487041C2C4275C5BCA66CD89471A09BC7F522A5661F","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",
	"SHA256","71A0AEC9941BA21780C3BED570AEAF3BC5B9473BB6662F7CAF194F33C0E1B918","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",

richinseattle / semtex.c

Created January 4, 2018 05:32 — forked from Nyangawa/semtex.c

semtex.c

	/*
	* linux 2.6.37-3.x.x x86_64, ~100 LOC
	* gcc-4.6 -O2 semtex.c && ./a.out
	* 2010 [email protected], salut!
	*
	* update may 2013:
	* seems like centos 2.6.32 backported the perf bug, lol.
	* jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist.
	*/

richinseattle / hax.c

Created January 4, 2018 05:33 — forked from katlogic/hax.c

	//
	// CVE-2006-0741 reloaded
	// CVE-2014-4699 actually
	// [email protected]
	//

	#define _GNU_SOURCE
	#include <sched.h>
	#include <stdlib.h>
	#include <sys/ptrace.h>

richinseattle / peb.c

Created January 5, 2018 04:01 — forked from Wack0/peb.c

Getting a pointer to the PEB in C, for every architecture that NT was ported to (where at least one build of the port was leaked/released)

	// Gets a pointer to the PEB for x86, x64, ARM, ARM64, IA64, Alpha AXP, MIPS, and PowerPC.

	// This relies on MS-compiler intrinsics.
	// It has only been tested on x86/x64/ARMv7.

	inline PEB* NtCurrentPeb() {
	#ifdef _M_X64
	return (PEB*)(__readgsqword(0x60));
	#elif _M_IX86
	return (PEB*)(__readfsdword(0x30));

OlderNewer