fuzzamos
fuzzamos / authorize.swift
Created July 16, 2019 20:59 — forked from saelo/authorize.swift
Simple program to interact with authd via the macOS authorization API
import Foundation
let rightname = "sys.openfile.readonly./tmp/cantread.txt"
var status: OSStatus
var authref: AuthorizationRef?
let flags = AuthorizationFlags([.interactionAllowed, .extendRights, .preAuthorize])
status = AuthorizationCreate(nil, nil, flags, &authref)
assert(status == errAuthorizationSuccess)
fuzzamos / quick_ioctl_decoder.py
Created July 12, 2019 18:21 — forked from herrcore/quick_ioctl_decoder.py
IDA Python plugin - Decode IOCTL Codes
############################################################################################
##
## Quick IOCTL Decoder!
##
## All credit for actual IOCTL decode logic:
## http://www.osronline.com/article.cfm?article=229
##
##
## To install:
## Copy script into plugins directory, i.e: C:\Program Files\IDA 6.8\plugins

Building a grsec-patched Linux kernel for Debian 8 and DigitalOcean

It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.

We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".

Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.3.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.

Install dependencies:

fuzzamos / gist:31c289d4172c23c0a69218336af37cf4
Created May 25, 2019 11:57 — forked from richinseattle/gist:044b50440b7778d6c6ab0e174d05bfe8
moflow-0.8 slicer/run_demo.sh expected output
./run_demo.sh
Build demo binary..
gcc -m32 demo.c -o demo
Tracing taint propagation in demo vuln binary with pintool..
Logging initially enabled: 0
Code cache limit is 0
Starting program
This is modload()
fuzzamos / gist:4e423640a9e1aa1b2a49e739c4f59016
Created May 25, 2019 11:57 — forked from richinseattle/gist:69affc0f05fae0c60ca612d3e078dd2d
Harnessing Intel Processor Trace on Windows for Vulnerability Discovery
Harnessing Intel Processor Trace on Windows for Vulnerability Discovery
Richard Johnson
Biography
Richard Johnson is a computer security specialist with a focus on software
vulnerability analysis. Currently the Research Technical Lead of Talos Group
for Cisco, Richard offers 15 years of expertise and leadership in the software
security industry. Current responsibilities include research and development of
advanced fuzzing and crash analysis technologies facilitating the automation of

Vulnerability Discovery and Triage Automation Training

Richard Johnson

Jan 11, 2017

Overview

#include <stdio.h>
#include <ctype.h>
#ifndef HEXDUMP_COLS
#define HEXDUMP_COLS 16
#endif
void hexdump(void *mem, unsigned int len)
{
    unsigned int i, j;
C:\code\radamsa>bin\libtest.exe
============= TEST: MEM TO MEM =============
virtualized radamsa_read(fd=3, buf=000000000118D180, count=2824)
requested: 2824 input_size: 64 input_index: 0 returned: 64
virtualized radamsa_read(fd=3, buf=000000000118D310, count=2760)
requested: 2760 input_size: 64 input_index: 64 returned: 0
#!/bin/bash
# installs dependencies and builds ubuntu package from source
# set CC / CXX environment variables as needed
USAGE="$0 <apt package> ..."
if [ $# -lt 1 ]; then
    echo "$USAGE"
    exit 1
fuzzamos / windows10qemu.sh
Created May 25, 2019 11:56 — forked from Manouchehri/windows10qemu.sh
Running Windows 10 in a UEFI enabled QEMU environment with KVM.
# Installing
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 2048 -cdrom ~/Downloads/Win10_English_x64.iso -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -drive file=~/Downloads/virtio-win-0.1.105.iso,index=1,media=cdrom
# Running
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 4096 -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -usbdevice tablet -rtc base=utc