Skip to content

Instantly share code, notes, and snippets.

View sponnusa's full-sized avatar
👻
Vicious Electron Journey!

Suri sponnusa

👻
Vicious Electron Journey!
175 followers · 13 following
View GitHub Profile
@johnzweng
johnzweng / SEC_2_Prime_order_koblitz_curves_generators_mystery.sage
Last active November 18, 2025 14:39
The mystery of the generation points of the secpXXXk1 curves.. :)
# The mystery around secpxxxk1 generation points :)
# -------------------------------------------------
#
# The SEC 2 familiy of elliptic curves are defined in https://www.secg.org/sec2-v2.pdf
# and widely used in cryptography.
#
# The generation points G of these curves are defined in the standard paper without any nearer
# explanation how they were chosen. Interestingly the generation points (G) of all prime order
# koblitz curves of the SEC 2 family (secp160k1, secp192k1, secp224k1, secp256k1) share some
# unusual mysterious property.
@Widdershin
Widdershin / ssr.md
Last active May 1, 2024 17:36
The absurd complexity of server-side rendering

In the olden days, HTML was prepared by the server, and JavaScript was little more than a garnish, considered by some to have a soapy taste.

After a fashion, it was decided that sometimes our HTML is best rendered by JavaScript, running in a user's browser. While some would decry this new-found intimacy, the age of interactivity had begun.

But all was not right in the world. Somewhere along the way, we had slipped. Our pages went uncrawled by Bing, time to first meaningful paint grew faster than npm, and it became clear: something must be done.

And so it was decided that the applications first forged for the browser would also run on the server. We would render our HTML using the same logic on the server and the browser, and reap the advantages of both worlds. In a confusing series of events a name for this approach was agreed upon: Server-side rendering. What could go wrong?

In dark rooms, in hushed tones, we speak of colours.

@moyix
moyix / killbutmakeitlooklikeanaccident.sh
Created February 5, 2022 22:51
Script to inject an exit(0) syscall into a running process. NB: only x86_64 for now!
#!/bin/bash
gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'
@huytd
huytd / wordle.md
Last active November 21, 2025 07:17
Wordle in less than 50 lines of Bash

image

How to use:

./wordle.sh

Or try the unlimit mode:

@loknop
loknop / writeup.md
Last active November 13, 2025 20:37
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

@cemerson
cemerson / archive.org-scanned-book-downloader-bookmarklet.md
Last active November 21, 2025 21:55
Archive.org Scanned Book Downloader Bookmarklet

Archive.org Scanned Book Downloader Bookmarklet

A simple "1-click" javascript approach to downloading a scanned book from archive.org to read at your leisure on the device of your choosing w/out having to manually screenshot every pages of the book by hand. In short it's a glorified "Save Image As..." approach but consolidated down to "1 click". BTW there may be a much better option than this out there - I just built this as an autistic project to see if it would work.

Demo Video

Archive.org SBDL Demo

Obligatory Legal/Disclaimer:

By using this script you agree to delete all book files/images after your 1 hour or 14 days is up! I don't support using this script for any other use cases. After all, none of us have ever kept a library book past it's return date, right?

@sxiii
sxiii / p2p-vpns.md
Created September 10, 2021 07:13
P2P VPN List
@0xabad1dea
0xabad1dea / copilot-risk-assessment.md
Last active June 26, 2025 22:23
Risk Assessment of GitHub Copilot

Risk Assessment of GitHub Copilot

0xabad1dea, July 2021

this is a rough draft and may be updated with more examples

GitHub was kind enough to grant me swift access to the Copilot test phase despite me @'ing them several hundred times about ICE. I would like to examine it not in terms of productivity, but security. How risky is it to allow an AI to write some or all of your code?

Ultimately, a human being must take responsibility for every line of code that is committed. AI should not be used for "responsibility washing." However, Copilot is a tool, and workers need their tools to be reliable. A carpenter doesn't have to

@gptshubham595
gptshubham595 / DISABLE_DEV_TOOLS.js
Last active August 11, 2022 13:06
DISABLE DEVELOPERS OPTION
! function(e, t) {
"object" == typeof exports && "undefined" != typeof module ? module.exports = t() : "function" == typeof define && define.amd ? define(t) : (e = e || self).hotkeys = t()
}(this, (function() {
"use strict";
function e(t) {
return (e = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(e) {
return typeof e
} : function(e) {
@hiqsociety
hiqsociety / sysctl.conf
Created February 4, 2021 21:55 — forked from JoeyBurzynski/sysctl.conf
sysctl.conf Optimization / Ubuntu 18.04
# Kernel sysctl configuration file for Linux
#
# Version 1.14 - 2019-04-05
# Michiel Klaver - IT Professional
# http://klaver.it/linux/ for the latest version - http://klaver.it/bsd/ for a BSD variant
#
# This file should be saved as /etc/sysctl.conf and can be activated using the command:
# sysctl -e -p /etc/sysctl.conf
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and sysctl.conf(5) for more details.