Steven Johnstone stevenjohnstone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| static int x3(int a, int b) { | |
| int out; | |
| asm( | |
| // it's not stated in xchg rax,rax but it's | |
| // intel syntax. Note the noprefix means we | |
| // don't need % before registers | |
| ".intel_syntax noprefix;" |
stevenjohnstone
/ 0x03.smt
Created
January 12, 2019 21:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (set-logic QF_BV) | |
| ; Convention here is add a label to the end of the register | |
| ; to mark a step in the program for which the value applies. | |
| ; e.g. | |
| ; rdx0 is the first value of rdx, rdx1 is the value at the | |
| ; next step of the program, rdxN is the value at the Nth | |
| ; step. | |
| ; | |
| ; Essentially, we're turning an assembly program into SSA form |
stevenjohnstone
/ 0x03.go
Last active
January 28, 2020 13:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| // a branch of keystone golang bindings which builds on linux | |
| "github.com/stevenjohnstone/keystone/bindings/go/keystone" | |
| uc "github.com/unicorn-engine/unicorn/bindings/go/unicorn" | |
| ) |
stevenjohnstone
/ env.py
Last active
March 25, 2019 22:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # coding: utf-8 | |
| import angr | |
| import archinfo | |
| import claripy | |
| import time | |
| def main(): | |
| p = angr.Project('ctf') |
stevenjohnstone
/ env.c
Created
March 25, 2019 21:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <string.h> | |
| int main(int argc, const char **argv) { | |
| char *foo = getenv("foo"); | |
| if (strcmp(foo, "bar") == 0) { | |
| return 0; | |
| } | |
| return 1; | |
| } |
stevenjohnstone
/ tcache.c
Created
March 25, 2019 22:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <assert.h> | |
| #include <dlfcn.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| // Background reading: http://tukan.farm/2017/07/08/tcache/ | |
| const size_t msize = 0x100; |
stevenjohnstone
/ chapter5.py
Last active
February 23, 2020 08:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # coding: utf-8 | |
| import angr | |
| import archinfo | |
| import claripy | |
| import time | |
| def main(): | |
| p = angr.Project('ctf') |
stevenjohnstone
/ afl-fuzz.c
Last active
July 31, 2020 15:20
A Lua AFL integration using the debug hook functionality which fires as Lua traverses lines
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Using the approach of afl-python to make a | |
| // Lua fuzzer. | |
| // Build with "gcc -I/usr/include/lua5.3/ -L/usr/local/lib -llua5.3 -rdynamic afl-fuzz.c" | |
| // (or whatever works on your platform). | |
| // | |
| // Write a script which has a global function "fuzz" which reads all of stdin and processes it | |
| // to exercise some code in which you'd like to find logic bugs. | |
| #include <assert.h> | |
| #include <fcntl.h> |
stevenjohnstone
/ resume.json
Last active
August 12, 2025 12:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "meta": { | |
| "theme": "paper-plus-plus" | |
| }, | |
| "basics": { | |
| "name": "Steven Johnstone", | |
| "label": "Software Engineer with Strong Security Focus", | |
| "email": "[email protected]", | |
| "summary": "Seasoned security engineer with 15+ years of experience protecting critical national infrastructure, building security‑first products, and driving compliance for US federal programs. Passionate about breaking things to make them stronger—expert in secure development lifecycles, vulnerability management, and cloud‑native security.", | |
| "location": { |
stevenjohnstone
/ antifuzz.go
Created
January 27, 2021 22:11
Demonstration of issues with using gofuzz (no-hypen) with go-fuzz (has a hypen)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // +build gofuzz | |
| // Package antifuzz shows how gofuzz transformation of inputs breaks coverage guidance. | |
| // | |
| // When running "go-fuzz -func FuzzGood", a crasher is found almost immediately. In contrast, | |
| // when running "go-fuzz -func FuzzBad" no crasher is found and it likely won't for a long time. | |
| package antifuzz | |
| import fuzz "github.com/google/gofuzz" |
OlderNewer