Install the CodeQL extension and configure the CLI!
This is not strictly mandatory, but you probably want something like this:
buherator v-p-b
v-p-b
/ CodeQL_Workspace_without_starter.md
Last active
July 25, 2020 20:26
Setting up a CodeQL workspace without the starter repository
v-p-b
/ Ghidra_Decompiler_Notes.md
Last active
June 27, 2020 19:33
My current target uses a deterministic pattern when calling C++ constructors, so I can use the CFG to identify object instantiation. Here are my notes about how to use Ghidra's decompiler to get the sizes of objects to be created:
We can use the parameter of operator_new() to find the size of the objects. Instead of parsing the instructions of the relevant basic blocks (and hoping that we don't run into some unexpected instruction sequences generated by the compiler) we can use the decompiler to get the association between the call to operator_new() and its parameter.
Ghidra/Features/Decompiler/ghidra_scripts/ShowCCallsScript.java contains a nice example of how to use the Decompiler API. First, an instance of DecompInterface must be created, as shown in setUpDecompiler(). Note that this method doesn't call openProgram() on the returned DecomInterface object, that is necessary to run decompilation! The decompileFunction() method works as expected - the returned DecompileResults object con
v-p-b
/ AV2019.txt
Last active
March 5, 2021 16:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://seclists.org/fulldisclosure/2019/Aug/1 | |
| https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67 | |
| https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/ | |
| https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM | |
| http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html | |
| https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 | |
| https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6 | |
| https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html |
v-p-b
/ S2_Jasper_RCE.jrxml
Created
December 6, 2018 15:14
JasperReports Remote Code Execution with a single .JRXML file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE jasperReport PUBLIC "-//JasperReports//DTD Report Design//EN" "http://jasperreports.sourceforge.net/dtds/jasperreport.dtd"> | |
| <jasperReport name="FirstJasper" columnCount="2" pageWidth="595" pageHeight="842" columnWidth="270" columnSpacing="15" leftMargin="20" rightMargin="20" topMargin="30" bottomMargin="30"> | |
| <style name="Arial_Normal" isDefault="true" fontName="Arial" fontSize="8" isBold="false" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica" pdfEncoding="Cp1252" isPdfEmbedded="false"/> | |
| <style name="Arial_Bold" isDefault="false" fontName="Arial" fontSize="8" isBold="true" isItalic="false" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Bold" pdfEncoding="Cp1252" isPdfEmbedded="false"/> | |
| <style name="Arial_Italic" isDefault="false" fontName="Arial" fontSize="8" isBold="false" isItalic="true" isUnderline="false" isStrikeThrough="false" pdfFontName="Helvetica-Oblique" pdfEncoding="Cp1252" isPdfEmbedded="fa |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import struct | |
| """ | |
| From debugger trace to Lighthouse | |
| ================================= | |
| Converting debugger trace logs to binary drcov format that is good enough for Lighthouse. |
v-p-b
/ keybase.md
Created
December 5, 2017 11:07
I hereby claim:
- I am v-p-b on github.
- I am buherator (https://keybase.io/buherator) on keybase.
- I have a public key whose fingerprint is 1DD5 6AFB 0660 4106 7B70 4F71 B84C 47BD 86EA 1855
To claim this, I am signing this object:
v-p-b
/ Skeptics_Guide_to_Security_Cons.md
Last active
January 23, 2020 13:43
Skeptics Guide to Security Conferences
- Anonymous - Script kiddies. Also see: Slacktivism
- Advanced - More advanced than the products the presenter sells
- APT - "Fancy name for shit you have in your network and didn't notice for a while"
- China - Because why not? Also see: Attribution Dice
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name[0%20%20oxr%201%3d1%20--%20]=admin&name[0]=admin&pass=S2test&form_build_id=form-sn1hRoa-B1e-GhbPCBRswqRllD0noOdRnJE5iiO53pI&form_id=user_login_block&op=Log+in | |
| <li><em class="placeholder">PDOException</em>: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'oxr 1=1 -- , 'admin' AND status = 1' at line 1: SELECT * FROM {users} WHERE name = :name_0 oxr 1=1 -- , :name_0 AND status = 1; Array | |
| ( | |
| [:name_0 oxr 1=1 -- ] => admin | |
| [:name_0] => admin | |
| ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ $1 ]; then | |
| if [[ $2 && $2 == "done" ]]; then | |
| rm ~/_todo/$1; | |
| else | |
| touch ~/_todo/$1; | |
| fi; | |
| fi; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://code.google.com/p/paimei/ - As of r253 | |
| - You need pydasm, it is included in the libdasm package. v1.5 is fine, you don't want to fight with the bugs of the unstable version - http://code.google.com/p/libdasm/ | |
| - PyDasm will cry about MSVC scripts but you don't need those. Install MinGW (with C++ support?) - http://www.mingw.org/ | |
| - Add MinGw's bin directory to your path or else it won't find gcc | |
| - Remove the -mno-cygwin parameters from pythonXX\lib\distutils\cygwinccompiler.py, remove the .pyc to recompile | |
| - setup.py build_ext --compiler=mingw32 | |
| - setup.py install may fail. Install the lib by copying the .pyd file from the build directory to PythonXX\Lib\site-packages | |
| - You don't need PaiMei's dependencies to use PyDbg, just simply build and install with setup.py | |
| - Remove the bundled pydasm.pyd from the PaiMei package |
NewerOlder