Alex Matrosov matrosov

matrosov / scan-react2shell-deps.sh
Created December 8, 2025 03:02
Tiny ripgrep-based inventory scanner for React2Shell-affected React Server Components.
#!/usr/bin/env bash
set -euo pipefail
# Vulnerable RSC versions (React2Shell)
VULN='19\.0\.0|19\.1\.0|19\.1\.1|19\.2\.0'
PKG='react-server-dom-(webpack|parcel|turbopack)'
echo "=== React2Shell(CVE-2025-55182) RSC dependency inventory ==="
echo
matrosov / react2shell-semgrep.yaml
Last active December 8, 2025 23:21
Static analysis rules for detecting React2Shell (CVE-2025-55182) exposure in JS/TS codebases.
rules:
# ========================================================================
# Detection of CVE-2025-55182 (React2Shell) exposure and exploitability
#
# TIER 1: Inventory-level (vulnerable deps or at-risk Next.js)
# TIER 2: Exposure-level (server imports of RSC libraries)
# TIER 3: Exploit chain (taint from HTTP → decodeReply/decodeAction/etc.)
# ========================================================================
# ------------------------------------------------------------------------

Keybase proof

I hereby claim:

  • I am matrosov on github.
  • I am matrosov (https://keybase.io/matrosov) on keybase.
  • I have a public key whose fingerprint is B58F 5182 FF96 B3A6 0F05 99F8 2A2D 380D 4CAD 31E1

To claim this, I am signing this object:

matrosov / gist:7df04f4b21f55c7b7413
Created October 7, 2014 17:36
Snowman decompilation result
struct s0 {
signed char[124] pad124;
uint32_t f124;
};
struct s1 {
signed char[124] pad124;
int32_t f124;
};
matrosov / gist:a69ab2254aa16a024976
Created October 7, 2014 17:35
Hex-Rays decompilation result
void __fastcall CMarkup::UpdateMarkupContentsVersion(CMarkup *this, int a2)
{
int v2; // eax@1
int v3; // ecx@3
int v4; // eax@3
int v5; // eax@6
int v6; // eax@8
int v7; // eax@9
int v8; // ecx@13
int v9; // esi@14