
@iNarcissuss
iNarcissuss / README.md
Created November 19, 2018 13:50 — forked from magnetikonline/README.md
Using Dnsmasq with Ubuntu 16.04LTS/14.04LTS/12.04LTS for virtual machine web application testing.

Using Dnsmasq with Ubuntu for VM web application testing

When running virtual machines under a Linux host system for testing web apps in various browsers (e.g. Internet Explorer), I found it rather tedious having to continually tweak the hosts file within each VM for the purpose of adding entries pointing back to the host machine's development web server address.

Instead, the steps below will set up Dnsmasq on an Ubuntu 16.04LTS, 14.04LTS or 12.04LTS host machine for the purpose of serving both its own DNS queries and those of virtual machine guests. Dnsmasq will parse the /etc/hosts file on your host machine, where we will keep a single set of DNS entries for our test web application(s).

iNarcissuss / runmamadroid.sh
Created November 1, 2018 08:44 — forked from maxvonhippel/runmamadroid.sh
Getting started with MaMaDroid on Mac OS
# Clone MamaDroid
git clone https://bitbucket.org/gianluca_students/mamadroid_code.git mamadroid
# Get some malware to look at
git clone https://github.com/ashishb/android-malware.git malware
# Export variables
export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/bin/
export JRE_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_102.jdk/Contents/Home/jre/bin
export PATH=$JAVA_HOME:$JRE_HOME:$PATH
# Base dir variable for convenience
basedir="$(pwd)/mamadroid"
This file has been truncated, but you can view the full file.
/* This file has been generated by the Hex-Rays decompiler.
Copyright (c) 2007-2017 Hex-Rays <info@hex-rays.com>
Detected compiler: GNU C++
*/
#include <defs.h>
//-------------------------------------------------------------------------
Researchers are easily able to hack WhatsApp and Telegram using the known telecom flaw
We continuously receive queries from readers about how to hack WhatsApp. The world's most popular cross-platform messaging app is seen as the ultimate hack by many because it has recently enabled 256-bit encryption.
For ordinary souls, this encryption would take days and months to decode a sentence or a complete message. Ditto with another secure messaging service called Telegram. Though Telegram is not as popular as WhatsApp, it has its ardent group of followers who use it for its encryption as well as its snooping-free service.
Though both of these apps are end-to-end encrypted, both of them suffer from a hardware side vulnerability which can be exploited to hack and hijack both WhatsApp and Telegram.
The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed i
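w3af's three core plugin types are discovery, audit, and attack.
1: discovery plugins find URLs, forms, and the site's injection points
2: audit plugins send specially crafted input data to the injection points found in step 1 to analyze them (SQL injection, XSS, etc.)
3: attack plugins exploit what step 2 found, e.g. remote shell, SQL table dump, a proxy, etc.
Beyond these three, w3af already has more than 130 plugins:
They fall into the following main categories
1: discovery: finds injection points in web pages
2: audit: uses the results produced by the discovery plugins to find weaknesses in the site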
iNarcissuss / llvm-update-alternatives
Created January 18, 2017 13:21 — forked from RaymondKroon/llvm-update-alternatives
LLVM & clang alternatives
#!/usr/bin/env sh
sudo update-alternatives --install \
/usr/bin/llvm-config llvm-config /usr/bin/llvm-config-3.6 200 \
--slave /usr/bin/llvm-ar llvm-ar /usr/bin/llvm-ar-3.6 \
--slave /usr/bin/llvm-as llvm-as /usr/bin/llvm-as-3.6 \
--slave /usr/bin/llvm-bcanalyzer llvm-bcanalyzer /usr/bin/llvm-bcanalyzer-3.6 \
--slave /usr/bin/llvm-cov llvm-cov /usr/bin/llvm-cov-3.6 \
--slave /usr/bin/llvm-diff llvm-diff /usr/bin/llvm-diff-3.6 \
--slave /usr/bin/llvm-dis llvm-dis /usr/bin/llvm-dis-3.6 \
iNarcissuss / rund
Created October 20, 2016 06:16 — forked from guohai/rund
launcher script for Dalvik on X86 Linux
#!/bin/sh
# base directory, at top of source tree; replace with absolute path
base=`pwd`
# configure root dir of interesting stuff
root=$base/out/host/linux-x86
export ANDROID_ROOT=$root
# configure bootclasspath
iNarcissuss / AndroidManifestFuzzer
Created October 5, 2016 09:06 — forked from k3170makan/AndroidManifestFuzzer
Nifty Little Bash Script for Fuzzing Application AndroidManifest.xml's
#!/bin/bash
#Basic set up for an Application AndroidManifest Fuzzer
#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
#NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
#NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue
APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME
/* exec-notify, so you can watch your acrobat reader or vim executing "bash -c"
* commands ;-)
* Requires some 2.6.x Linux kernel with proc connector enabled.
*
* $ cc -Wall -ansi -pedantic -std=c99 exec-notify.c
*
* (C) 2007-2010 Sebastian Krahmer <krahmer@suse.de> original netlink handling
* stolen from a proc-connector example, copyright follows:
*/
/*