Skip to content

Instantly share code, notes, and snippets.

View kiding's full-sized avatar
🦑
🦜 🦜 🦜 🦜

Dongsung "Donny" Kim kiding

🦑
🦜 🦜 🦜 🦜
123 followers · 34 following
View GitHub Profile
@cablej
cablej / default.md
Created June 21, 2025 18:46
Cluely System prompt

<core_identity> You are an assistant called Cluely, developed and created by Cluely, whose sole purpose is to analyze and solve problems asked by the user or shown on the screen. Your responses must be specific, accurate, and actionable. </core_identity>

<general_guidelines>

  • NEVER use meta-phrases (e.g., "let me help you", "I can see that").
  • NEVER summarize unless explicitly requested.
  • NEVER provide unsolicited advice.
  • NEVER refer to "screenshot" or "image" - refer to it as "the screen" if needed.
  • ALWAYS be specific, detailed, and accurate.
@stypr
stypr / account_takeover.py
Last active April 24, 2025 10:19
Samsung 5G Mobile Router(SCR01) Account Takeover 0day
import os
import time
import uuid
import requests
requests.packages.urllib3.disable_warnings()
headers = {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0",
"Accept": "application/json, text/plain, */*",
"Accept-Language": "en-US,en;q=0.5",
@thesamesam
thesamesam / xz-backdoor.md
Last active November 30, 2025 22:27
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@marcnewlin
marcnewlin / apple-hid-read-flash.py
Created March 23, 2024 15:47
#!/usr/bin/env python3
import usb.core
import struct
from collections import namedtuple
APPLE_VID = 0x05ac
Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])
@paj28
paj28 / index.md
Last active November 18, 2025 02:49

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

@singleghost2
singleghost2 / load_wrapper.cc
Created November 21, 2023 03:09
Disable ASLR on macOS for dylib include those loaded with `dlopen`
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <spawn.h>
#include <sys/wait.h>
#include <string.h>
/* ASLR disabling magic constant from Apple LLDB source code
https://opensource.apple.com/source/lldb/lldb-76/tools/darwin-debug/darwin-debug.cpp
*/
@matteyeux
matteyeux / decrypted.json
Created November 20, 2023 13:15
Apple Vision Pro firmware keys for VisionOS 1.0 beta 1-5
[
{
"url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",
"build": "21N5207g",
"filename": "iBEC.n301.RELEASE.im4p",
"kbag": "AB7893B981E44BFF298328C89C826F8BA6EF1A7ADC80DB156C9D55D9F4E27E8AD2CC21AFA42A41E1392B57E9FE90D992",
"key": "34b218667cd03eb93e073b9b3bca4a865b20f130550a800b2aa2c1c2348041865cee47db7e3bcda739d05adde9f9f716"
},
{
"url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",
@Baw-Appie
Baw-Appie / astx2-emulator.user.js
Created February 21, 2023 06:44
// ==UserScript==
// @name ASTx2 Emulator
// @namespace http://tampermonkey.net/
// @version 0.1
// @description try to take over the world!
// @author @BawAppie
// @match https://*/*
// @icon https://www.google.com/s2/favicons?sz=64&domain=ahnlab.com
// @grant none
// ==/UserScript==
@awakecoding
awakecoding / Get-RdpLogonEvent.ps1
Created September 7, 2022 01:20
function Get-RdpLogonEvent
{
[CmdletBinding()]
param(
[Int32] $Last = 10
)
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
LogName='Security'
ProviderName='Microsoft-Windows-Security-Auditing'
@mrlnc
mrlnc / ipcc.md
Created April 25, 2022 11:03
iOS IPCC Carrier Configs

Inspect iOS Carrier Profiles (IPCC)

Carrier Profiles configure your smartphone for mobile networks. I'm not sure if Carrier Profiles are just a legacy or are actually required nowadays, since all configuration should be done through the mobile network itself.

You'll find things in there like:

  • enable VoLTE for specific carriers
  • disable some bands (makes sense if your carrier isn't transmitting there)

Download the list of all IPCCs: