TRIAGE OUTPUT: Serialised(
FileTriage {
file_name: "C:\\Users\\flux\\Downloads\\test\\drv.bin",
gmh5225.eth gmh5225
🙃
gmh5225
/ gist:e6d6ed1536a9a496b2094588280dc6bf
Created
April 6, 2026 06:08
— forked from tylearymf/gist:a7e536516409b9e7484130cce7674c4f
GMail邮箱别名
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 例子:username@gmail.com,下面1和3可以搭配,2和3可以搭配,下面邮箱等同于 username@gmail.com | |
| 1、可以在前面的username中加点号,如 user.name@gmail.com | |
| 2、可以在username后面添加+号xxx,如username+taobao@gmail.com | |
| 3、可以将@gmail.com换成@googlemail.com |
gmh5225
/ ChatGPT-OpenAI-LLM-vulnerability-discovery-output.md
Created
April 4, 2026 15:37
— forked from 0xflux/ChatGPT-OpenAI-LLM-vulnerability-discovery-output.md
BumbleRee test output
gmh5225
/ anthropic-bumble-bee.md
Created
April 4, 2026 15:36
— forked from 0xflux/anthropic-bumble-bee.md
Anthropic BumbleRee results
gmh5225
/ 00_README.md
Created
March 31, 2026 14:25
— forked from N3mes1s/00_README.md
Axios npm Supply Chain Compromise (2026-03-31) — Full RE + Dynamic Analysis + BlueNoroff Attribution | 17 SHA256 | YARA/Sigma/Suricata rules | Live peinject validation on Daytona
Date: 2026-03-31 | Attribution: BlueNoroff / Lazarus Group (HIGH confidence) Attack: Maintainer account hijacked, cross-platform RAT deployed via axios@1.14.1 and axios@0.30.4
On March 30-31, 2026, the npm package axios (~83M weekly downloads) was compromised through a maintainer account hijack. Two malicious versions injected plain-crypto-js@4.2.1, an obfuscated dropper that deploys platform-specific RATs (Windows PowerShell, macOS Mach-O C++, Linux Python). The macOS RAT is classified as NukeSped (Lazarus-exclusive). The internal project name macWebT links directly to BlueNoroff's documented RustBucket webT module from 2023.
gmh5225
/ VGK DriverEntry Analysis.md
Created
March 14, 2026 07:47
— forked from rhaym-tech/VGK DriverEntry Analysis.md
A well detailed Riot Vanguard Kernel AntiCheat (vgk.sys) analysis
Vanguard's anti-cheating system is a protection system that pays more attention to the threshold, and the overall design and realization of the national re-examination anti-cheating system is still not the same. Here we first discuss the threshold and the difficulty of analysis, and then discuss these in blocks later.
- After the game is installed, Riot Vanguard will be installed to C:\Program Files\Riot Vanguard Under the catalog. Its overall anti-cheating is driven by vgk.sys And the three-ring program vgc.exe achieve
- The VGK-driven boot is turned on, and the boot mode is activated. When the game is activated, it will be verified that this state cannot be turned on if it is not turned on. VGK drive will intercept all unsigned, loophole-driven and black-driven loading. That is, all public ARK and some Rootkit tools, even Dbgview, cannot be used. However, after testing, the driver can be successfully loaded with a time-poke signature.
- Neither Ring3 nor Ring0 can w
gmh5225
/ world-id-protocol_attestation.log
Created
February 22, 2026 02:07
— forked from dcbuild3r/world-id-protocol_attestation.log
Attestation for world-id-protocol MPC Phase 2 Trusted Setup ceremony
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hey, I'm dcbuild3r-19372745 and I have finalized the world-id-protocol MPC Phase2 Trusted Setup ceremony. | |
| The following are my contribution signatures: | |
| Circuit # 1 (oprfkeygenproof13) | |
| Contributor # final | |
| Contribution Hash: 4d431429 12461b17 2e14232b 6b1c878b | |
| 48248de8 b8f1340c 18e93c6d cf2c4b10 | |
| f447a3d7 8be20b16 772080d6 2cefb8e1 | |
| 248bfc91 816d34da 07bacde2 5c384fd2 |
gmh5225
/ README.md
Created
February 22, 2026 01:25
— forked from camel-cdr/README.md
Visualizing the RISC-V Instruction Set
Earlier today, I came across the blog post "Visualizing the ARM64 Instruction Set" and got inspired to give it a shot my self.
After hacking together a quick script and fiddling with the bit order and colors for way too long, I managed to create a decent visualization of the RISC-V instruction encoding. You can find my code below.
The following graphics cover the 64-bit part of the RISC-V ISA, including all ratified 64-bit extensions, with opcodes extracted from the riscv/riscv-opcodes repo.
I mapped the opcodes to 2D coordinates with a Morton space-filling curve.
gmh5225
/ README.md
Created
February 2, 2026 05:20
— forked from emschwartz/README.md
The Most Popular Blogs of Hacker News in 2025
This is an OPML version of the HN Popularity Contest results for 2025, for importing into RSS feed readers.
gmh5225
/ clawdbot-selfcheck-en.md
Created
January 26, 2026 15:50
— forked from zhixianio/clawdbot-selfcheck-en.md
Clawdbot Security Self-Check / Clawdbot 安全自检
gmh5225
/ goofy_map_image.cpp
Created
January 24, 2026 01:19
— forked from JustasMasiulis/goofy_map_image.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| IO_STATUS_BLOCK iosb; | |
| UNICODE_STRING path = RTL_CONSTANT_STRING(L"\\SystemRoot\\System32\\ntdll.dll"); | |
| OBJECT_ATTRIBUTES attr = RTL_CONSTANT_OBJECT_ATTRIBUTES(&path, 0); | |
| HANDLE file, section; | |
| // only FILE_EXECUTE | |
| NTSTATUS status = NtCreateFile(&file, FILE_EXECUTE, &attr, &iosb, nullptr, 0, 0, FILE_OPEN, 0, nullptr, 0); | |
| printf("NtCreateFile %lx\n", status); | |
| // request PAGE_EXECUTE when creating - the only permission compatible with FILE_EXECUTE. |
NewerOlder