@SeanHeelan
SeanHeelan / prepare_compact.txt
Created January 14, 2026 12:17
Claude prepare-compact command
$ cat $HOME/.claude/commands/prepare-compact.md
---
description: Prepare for context compaction by updating the plan with all necessary information
allowed-tools: [TodoWrite, Read]
---
# Prepare for Compaction
Your context window is almost full and I need to compact the conversation. Update your plan to ensure:
SeanHeelan / mquickjs_exploit.md
Last active January 14, 2026 17:32
mquickjs exploit analysis (GPT-5.2)

Exploit analysis (exec-shell)

Note: All of this is generated by the LLM.

Overview

We exploit a TOCTOU bug in Array.prototype.splice (js_array_splice in mquickjs.c) to obtain an out-of-bounds (OOB) write into adjacent heap allocations inside mquickjs’s linear heap arena. We use the OOB write to corrupt a Uint8Array’s internal len field, turning it into an OOB byte read/write primitive. With that primitive we:

  1. Leak a pointer into the PIE binary (via a ROM props pointer) and derive the PIE base.
  2. Read the resolved fwrite@GOT entry to leak libc base.
  3. Overwrite fwrite@GOT with system.
SeanHeelan / stl_bitvector.h
Created September 23, 2021 12:21
stl_bitvector.h
// vector<bool> specialization -*- C++ -*-
// Copyright (C) 2001-2020 Free Software Foundation, Inc.
//
// This file is part of the GNU ISO C++ Library. This library is free
// software; you can redistribute it and/or modify it under the
// terms of the GNU General Public License as published by the
// Free Software Foundation; either version 3, or (at your option)
// any later version.
@phdthesis{heelan_greybox_2020,
title = {Greybox {Automatic} {Exploit} {Generation} for {Heap} {Overflows} in {Language} {Interpreters}},
url = {https://seanhn.files.wordpress.com/2020/11/heelan_phd_thesis.pdf},
school = {University of Oxford},
author = {Heelan, Sean},
year = {2020}
}
SeanHeelan / .bashrc
Created February 29, 2020 19:13
Shell mark and jump to directories
export MARKPATH=$HOME/.marks
function jump {
    cd -P "$MARKPATH/$1" 2>/dev/null || echo "No such mark: $1"
}
function mark {
    mkdir -p "$MARKPATH"; ln -s "$(pwd)" "$MARKPATH/$1"
}
function unmark {
    rm -i "$MARKPATH/$1"
}
SeanHeelan / aeg.bib
Created January 29, 2020 21:14
Bibliography for an AEG talk
@inproceedings{avgerinos_aeg:_2011,
title = {{AEG}: {Automatic} {Exploit} {Generation}},
booktitle = {Network and {Distributed} {System} {Security} {Symposium}},
author = {Avgerinos, Thanassis and Cha, Sang Kil and Hao, Brent Lim Tze and Brumley, David},
month = feb,
year = {2011},
keywords = {MyPHDThesis}
}
@inproceedings{brumley_automatic_2008,
Front + Back template
--------------
{{cloze:Text}} <br />
({{Extra}}) <br />
{{type:cloze:Text}}<br />
SeanHeelan / gist:0a49807f4eabfa62ba50a18324166501
Created January 1, 2020 21:54
Anki Cloze Card Front and Back Templates
<span style="font-size:150%;"> {{Verb}} in {{Tense}} </span> <br/>
<em>Nota: Usi una virgola (,) tra le risposte.</em><br/><br/>
{{cloze:Text}}<br/><br/>
{{type:cloze:Text}}
{{FrontSide}}
<hr>
{{Extra}}
SeanHeelan / gist:a459f20f740e64c5b108d7e85ea12322
Created January 1, 2020 21:54
Anki Cloze Card Front and Back Templates
<span style="font-size:150%;"> {{Verb}} in {{Tense}} </span> <br/>
<em>Nota: Usi una virgola (,) tra le risposte.</em><br/><br/>
{{cloze:Text}}<br/><br/>
{{type:cloze:Text}}
{{FrontSide}}
<hr>
{{Extra}}