Made using Excalidraw! (I swear it's awesome for diagrams)
PNG Version (click to expand)
AstonishedLiker
/ uefi_boot_flow.md
Last active
March 10, 2026 20:43
Summary of UEFI Boot Flow (EDK II's BdsDxe)
daily3014
/ "Early Resumption Exploit".md
Last active
March 3, 2026 20:39
Works by:
- suspending the thread via an instance function that yields or via task.wait
- resuming the thread via coroutine.resume
Highlights:
- hides return values from hooks
- breaks those that "bypass" it (example: Simple Spy)
- works on any instance function that yields
- calling those functions will return the return values of the previous yield
- probably has other uses, i couldnt be bothered to explore
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Original from https://devforum.roblox.com/t/getextentssize-of-one-part-without-model/404945/7 | |
| -- 300% faster than original | |
| -- 12.5% faster than forks claiming to be 20% faster | |
| --!native | |
| --!optimize 2 | |
| --!strict | |
| local Abs, New = math.abs, Vector3.new | |
| local Components = CFrame.identity.GetComponents |
daily3014
/ randomservice_poc.luau
Last active
January 20, 2026 20:10
RandomService: Bruteforcing the RNG state
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local Seed = 568182 | |
| local RNGState = Random.new(Seed) | |
| -- The seed is unknown to the exploiter at this point | |
| local function Advance(Seed) | |
| math.randomseed(Seed or math.random(1, 1000)) | |
| for i = 1, math.random(1, 3) do | |
| if math.random() > 0.5 then | |
| continue |
TheGreatSageEqualToHeaven
/ main.md
Last active
January 27, 2026 04:04
bypassing blocked function protections using corescripts
author: James Napora.
- corescripts have RobloxScript permissions on Roblox.
- exploit function protections do not run on any threads except exploit threads.
- roblox has several permission levels:
None,Plugin,LocalUser,RobloxScriptandRoblox. - actors on Roblox run whenever a script under it has a client run context, e.g local scripts, scripts with RunContext.Client and corescripts.
- scripts under actors share the same global state
KasperSkytte
/ proxmox_passthrough_guide.md
Created
April 18, 2023 11:38
— forked from baodrate/proxmox_passthrough_guide.md
https://www.reddit.com/r/homelab/comments/b5xpua/the_ultimate_beginners_guide_to_gpu_passthrough/
mirror of The Ultimate Beginner's Guide to GPU Passthrough (Proxmox, Windows 10) by /u/cjalas
>Welcome all, to the first installment of my Idiot Friendly tutorial series! I'll be guiding you through the process of configuring GPU Passthrough for your Proxmox Virtual Machine Guests. This guide is aimed at beginners to virtualization, particularly for Proxmox users. It is intended as an overall guide for passing through a GPU (or multiple GPUs) to your Virtual Machine(s). It is not intended as an all-exhaustive how-to guide; however, I will do my best to provide you with all the necessary resources and sources for the passthrough process, from start to finish. If something doesn't work properly, please check /r/Proxmox, /r/Homelab, /r/VFIO, or
TheGreatSageEqualToHeaven
/ Lua51AllOpcodeCases.lua
Last active
November 24, 2025 04:56
Lua 5.1 Opcode Case Test File
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- load | |
| local math = math -- GETGLOBAL | |
| local newproxy = newproxy -- GETGLOBAL | |
| local ipairs = ipairs -- GETGLOBAL | |
| local floor = math.floor -- GETTABLE KST(C) | |
| local pi = math.pi -- GETTABLE KST(C) | |
| local _nil = nil -- LOADNIL B -> C (1) | |
| local _true = true -- LOADBOOL B(1) | |
| local _false = false -- LOADBOOL B(0) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-Location "C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\www" | |
| Copy-Item app.js app.js.bak | |
| $js = Get-Content app.js | |
| $js = $js -replace "`"choose`"===\w\.nvActiveAuthView[\D]*\)\}", ` | |
| '"choose"===this.nvActiveAuthView)};this.handleLoggedIn({sessionToken:"",userToken:"",user: {core:{displayName:"Anonymous",primaryEmailVerified: true}}});' | |
| $js = $js -replace "\w\.selectView\(\)\},\w\.selectView=function\(\)\{", "return;" | |
| $js > app.js |
05t3
/ CVE-2017-0144.md
Last active
February 26, 2026 11:01
This is a quick walkthrough of how you can go about exploiting eternalblue on a target
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability."
You can read more about the exploit Wikipedia or Avast's Blog
ulidtko
/ Exploiting Lua 5.1 bytecode.md
Last active
December 4, 2025 13:00
— forked from corsix/Exploiting Lua 5.1 on 32-bit Windows.md
The following Lua program generates a Lua bytecode program called lua-sandbox-rce.luac, which in turn spawns a shell from within Lua 5.1 sandbox. The remainder of this document attempts to explain how this program works by a whirlwind tour of relevent bits of the Lua 5.1 virtual machine.
function outer()
local magic -- In bytecode, the stack slot corresponding to this local is changed
local function middle()
local co, upval
local ub1 = {[0] = -- Convert uint8_t to char[1]NewerOlder