@Siguza
Siguza / sandbox_spawn.c
Created August 28, 2025 05:15
sandbox-exec but for builtin profiles
#include <spawn.h>
#include <stdint.h>
#include <stdio.h>
extern char **environ;
typedef struct
{
    uint32_t version;
    uint32_t size;
@stong
stong / tee.py
Last active April 29, 2022 04:48
Duplicate pwntools process output to stdout with tee(2) syscall
import sys
import os
from pwn import *
def tee_process(p):
    import threading
    import ctypes
    libc = ctypes.CDLL(None)
    splice = libc.splice
    tee = libc.tee
@Siguza
Siguza / phoenix.c
Last active March 7, 2026 23:37
Phœnix exploit / iOS 9.3.5
// Bugs by NSO Group / Ian Beer.
// Exploit by Siguza & tihmstar.
// Thanks also to Max Bazaliy.
#include <stdint.h> // uint32_t, uint64_t
#include <stdio.h> // fprintf, stderr
#include <string.h> // memcpy, memset, strncmp
#include <unistd.h> // getpid
#include <mach/mach.h>
#include <stdlib.h>
@farazsth98
farazsth98 / harekaze_mini_ctf_2020.md
Last active February 27, 2021 05:24
Harekaze mini CTF 2020

I played Harekaze Mini CTF 2020 for about 3 hours this weekend. The pwn challenges were nice (I especially enjoyed nm-game-extreme). Here are some short writeups.

shellcode

The program just tells you to provide shellcode that will execute execve("/bin/sh", NULL, NULL). It gives you the address of the "/bin/sh" string, so you just create shellcode to do the job and send it:

#!/usr/bin/env python3

from pwn import *
@stong
stong / cheese.cpp
Last active August 28, 2024 01:26
pbctf 2020: Jiang Ying's Disassembler author's writeup
// TLDR:
// Whitebox 128-bit rsa with e=17. Input is multiplied by a constant before the RSA
#include <Windows.h>
#include <stdio.h>
#include <stdint.h>
extern "C" void __fastcall rsa_encrypt (uint8_t* in, uint8_t* out);
// 1. Func is ~90kb, and control flow is simple. Should be decompilable just extremely SLOW.
@geohot
geohot / prius_kf.py
Last active March 9, 2021 07:36
Prius Steering Angle Kalman Filter
%pylab inline
%load_ext autoreload
%autoreload 2
from tools.lib.route import Route
from tools.lib.logreader import LogReader
r,num = Route("ce2fbd370f78ef21|2020-11-27--16-27-28"),10
#r,num = Route("f66032c2b5aa18ac|2020-12-04--09-33-54"),30
alr = []
for n in range(num-1, num+5):
@LiveOverflow
LiveOverflow / hireme.ipynb
Created November 20, 2020 10:46
Hire me!!!!!!!!
@byt3bl33d3r
byt3bl33d3r / eventvwr_crash.py
Created September 18, 2020 08:12
Crash the Windows Event Log service remotely (needs admin privs)
# Crash the Windows Event Log Service remotely, needs Admin privs
# originally discovered by limbenjamin and accidentally re-discovered by @byt3bl33d3r
#
# Once the service crashes 3 times it will not restart for 24 hours
#
# https://github.com/limbenjamin/LogServiceCrash
# https://limbenjamin.com/articles/crash-windows-event-logging-service.html
#
# Needs the impacket library (https://github.com/SecureAuthCorp/impacket)
@Siguza
Siguza / assym.c
Created August 26, 2020 15:08
Apple Silicon kernels
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <mach-o/loader.h>
#include <mach-o/nlist.h>
int main(int argc, const char **argv)
{
    if(argc != 2)
muff-in / resources.md
Last active March 5, 2026 00:46
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources