PoC or GTFO
The following is documentation about my mirror to help propagate this amazing zine, Proof of Concept or Get The Fuck Out, put out by the great Pastor Manul Laphroaig. The motivation for such comes as highly encouraged reading to those who follow this blog and generally because it is one of my favorite modern hacking zines. My goal is to propagate the awesome hacking publication, as they call for mirrors, similar to other popular mirrors out there. My favorite characteristic of the zine is how it regularly explores type confusion in protocols and files, for example most issues are some type of polyglot, holding secret treasure within a zip, or containing a totally different file type! The issues are highly technical and typically arm the readers with practical knowledge about implementing whatever exploit or esoteric type of computing that the article is about (hence the title, Proof of Concept). Further, I enjoy the style in which the zine and editorial content are crafted, it combines a jovial religious tone with that of the hacker underground, creating a very unique voice. The articles are always peculiar and highly interesting, often dealing with obscure technologies and protocols that are often chosen to highlight specific theories from an educational context. The content curation is also excellently done, there are few articles that have been accepted of lesser quality, despite the close community of hackers that seems to submit the articles. And even still, there are artistic articles, such as poems about computing or methods for generating art in unique ways from computing machines. Yes, this zine consistently brings unique and interesting topics to me, opening my eyes with each new issue to old technologies or exploits that still serve as amazing learning opportunities today. I would also like to thank the authors and editors for all their hard work in putting this together, reviving the computer zine scene, and especially for printing and distributing the zine at local hacker conferences, which is how I came across my first issue (although the digital editions are far more fun, namely for the computing gems hidden in the polyglots). The following are some of the articles contained within the issues, so you can get a sense for the humor, oddities, and generally epic computing contained with each issue:
pocorgtfo00
Date: August 2013
MD5: d74949bc9ca4dc265dbf2ff540fe6837
SHA1: 53ca5e7601f891400ad01720b0f3a311e2107395
Issue: pocorgtfo00
00.1: Call to Worship
00.2: iPod Antiforensics
00.3: ELF's are dorky, Elves are cool
00.4: The Pastor Manul Laphroaig’s First Epistle to Hacker Preachers of All Hats, in the sincerest hope that we might shut up about hats, and get back to hacking.
00.5: Returning from ELF to Libc
00.6: GTFO or #FAIL
00.7: A Call for PoC
pocorgtfo01
Date: October 2013
MD5: 151bb48f35895ba75e3c5f4b89b1ba87
SHA1: f7da6dc9a22489f0a1ac71b1720f096c9d81f653
Issue: pocorgtfo01
01.1: Call to Worship
01.2: Four Lines of Javascript that Can’t Possibly Work So why do they?
01.3: Weird Machines from Serena Butler’s TV Typewriter
01.4: Making a Multi-Windows PE
01.5: This ZIP is also a PDF
01.6: Burning a Phone
01.7: A Sermon concerning the Divinity of Languages; or, Dijkstra considered Racist
01.8: A Call for PoC
pocorgtfo02
Date: December 2013
MD5: 39e5658e24a08e786955af1f4d7e2852
SHA1: 2434e76e2d3a4dcd36d0ada363e3a9ed59272f60
Issue: pocorgtfo02
02.1: Call to Worship
02.2: A Parable on the Importance of Tools; or, Build your own fucking birdfeeder.
02.3: A PGP Matryoshka Doll
02.4: Reliable Code Execution on a Tamagotchi
02.5: Some Shellcode Tips for MSP430 and Related MCUs
02.6: 6 Calling putchar() from an ELF Weird Machine.
02.7: POKE of Death for the TRS 80 Model 100
02.8: This OS is also a PDF
02.9: A Vulnerability in Reduced Dakarand from PoC||GTFO 01.2
02.10: Juggernauty
02.11: A Call for PoC
pocorgtfo03
Date: March 2014
MD5: b90e36dbd5f192723c84c7ad002a616e
SHA1: 12330d8fa6d60b60971e97700c48f827153d3920
Issue: pocorgtfo03
03.1: Call to Worship
03.2: Greybeard’s Luck
03.3: This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats
03.4: NetWatch: System Management Mode is not just for Governments.
03.5: An Advanced Mitigation Bypass for Packet-in-Packet; or, I’m burning 0day to use the phrase ‘eighth of a nybble’ in print.
03.6: Prototyping an RDRAND Backdoor in Bochs
03.7: Patching Kosher Firmware for Nokia 2720
03.8: Tetranglix: This Tetris is a Boot Sector
03.9: Defusing the Qualcomm Dragon
03.10: Tales of Python’s Encoding
03.11: A Binary Magic Trick, Angecryption
03.12: A Call for PoC
pocorgtfo04
Date: June 2014
MD5: 895598b7946d5b11adedad2e574b2b24
SHA1: e21c0ca79a09d4c1fdb163135889b1853de58c1e
Issue: pocorgtfo04
04.1: Call to Worship
04.2: First Epistle Concerning the Bountiful Seeds of 0Day
04.3: This OS is a Boot Sector
04.4: Prince of PoC; or, A 16-sector version of Prince of Persia for the Apple II.
04.5: A Quick Introduction to the New Facedancer Framework
04.6: Dumping Firmware from Tamagotchi Friends by Power Glitching
04.7: Lenticrypt: a Provably Plausibly Deniable Cryptosystem; or, This Picture of Cats is Also a Picture of Dogs
04.8: Hardening Pin Tumbler Locks against Myriad Attacks for Less Than a Sawbuck
04.9: Introduction to Reflux Decapsulation and Chip Photography
04.10: Forget Not the Humble Timing Attack
04.11: This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection
04.12: How to Manually Attach a File to a PDF
04.13: Ode to ECB
04.14: A Call for PoC
pocorgtfo05
Date: August 2014
MD5: 74a17e1cb87cbf1dc31eebe5c7aea639
SHA1: 0dceb78c99442b9f26c596c6ecc6cfa8c5a8e419
Issue: pocorgtfo05
05.1: Call to Worship
05.2: Stuff is broken, and only you know how
05.3: ECB as an Electronic Coloring Book
05.4: An Easter Egg in PCI Express
05.5: A Flash PDF Polyglot
05.6: These Philosophers Stuff on 512 Bytes; or, This Multiprocessing OS is a Boot Sector.
05.7: A Breakout Board for Mini-PCIe; or, My Intel Galileo has less RAM than its Video Card!
05.8: Prototyping a generic x86 backdoor in Bochs; or, I’ll see your RDRAND backdoor and raise you a covert channel!
05.9: From Protocol to PoC; or, Your Cisco blade is booting PoC∥GTFO.
05.10: i386 Shellcode for Lazy Neighbors; or, I am my own NOP Sled.
05.11: Abusing JSONP with Rosetta Flash
05.12: A cryptographer and a binarista walk into a bar
05.13: Ancestral Voices; or, a vision in a nightmare.
05.14: A Call for PoC
pocorgtfo06
Date: November 2014
MD5: 02222f78842741c8b74237abe72f4015
SHA1: 8064f36364e0f664db763d9faed2cb48c1027576
Issue: pocorgtfo06
06.1: Sacrament of Communion with the Weird Machines
06.2: On Giving Thanks
06.3: Gekko the Dolphin
06.4: This TAR archive is a PDF! (as well as a ZIP, but you are probably used to it by now)
06.5: x86 Alchemy and Smuggling with Metalkit
06.6: Detecting MIPS Emulation
06.7: More Cryptographic Coloring Books
06.8: Introduction to Delayering and Reversing PCBs
06.9: Davinci Seal: Self-decrypting Executables
06.10: Observable Metrics
06.11: A Call for PoC
pocorgtfo07
Date: March 2015
MD5: 1cb67f33d8b1a63bf4f729ddf328eba3
SHA1: c0c6eff6b12b9211dd0c795ef052ebf3b09bd8c3
Issue: pocorgtfo07
07.1: With what shall we commune this evening?
07.2: The Magic Number: 0xAA55
07.3: Coastermelt
07.4: Of Scientific Consensus and a Wish That Came True
07.5: When Scapy is too high-level
07.6: Abusing file formats; or, Corkami, the Novella
07.7: Extending crypto-related backdoors to other scenarios
07.8: Innovations with Linux core files for advanced process forensics
07.9: Bambaata speaks from the past.
07.10: Public Service Announcement
07.11: Cyber Criminal’s Song
07.12: Fast Cash for Bugs!
pocorgtfo08
Date: June 2015
MD5: 257fc8f01fa20e21f8bd5577639ff596
SHA1: 1c6e3200a1005f2acd5a8ebf3462be605c83f3a1
Issue: pocorgtfo08
08.1: Please stand; now, please be seated.
08.2: Witches, Warlocks, and Wassenaar; or, On the Internet, no one knows you are a witch.
08.3: Deniable Backdoors Using Compiler Bugs
08.4: A Protocol for Leibowitz; or, Booklegging by HF in the Age of Safe Æther
08.5: Jiggling into a New Attack Vector
08.6: The Hypervisor Exploit I Sat on for Five Years
08.7: Stegosploit
08.8: On Error Resume Next
08.9: Unbrick My Part
08.10: Backdoors up my Sleeve
08.11: Naughty Signals; or, the Abuse of a Raspberry Pi
08.12: Weird cryptography; or, How to resist brute-force attacks.
08.13: Fast Cash for Cyber Munitions!
pocorgtfo09
Date: September 2015
MD5: 4dc7e88a1f88df3f169245af8c148bde
SHA1: b528f168de6242ff06a03d59a4d733fe1e60e56a
Issue: pocorgtfo09
09.1: Please stand; now, please be seated.
09.2: From Newton to Turing, a Happy Family
09.3: Breaking Globalstar Satellite Communications
09.4: Unprivileged Data All Around the Kernels; or, Pool Spray the Feature!
09.5: Second Underhanded Crypto Contest
09.6: Exploiting Out-of-Order-Execution; or, Processor Side Channels to Enable Cross VM Code Execution
09.7: Antivirus Tumors
09.8: Brewing TCP/IPA; or, A Useful Skill for the Zombie Apocalypse
09.9: Shenanigans with APRS and AX.25 for Covert Communications
09.10: Napravi i ti Raˇcunar „Galaksija“
09.11: Root Rights are a Grrl’s Best Friend
09.12: What if you could listen to this PDF?
09.13: Oona’s Puzzle Corner!
09.14: Fast Cash for Cyber Munitions!
pocorgtfo10
Date: January 2016
MD5: a80760ce9298ead26efe566ed031e5f4
SHA1: b7cfc56b3a8878e6ec5986ca1aa7205279b854b9
Issue: pocorgtfo10
10.1: Please stand; now, please be seated.
10.2: Three Ghosts and a Little, Brown Dog
10.3: Pokemon Plays Twitch
10.4: This PDF is also a Gameboy exploit that displays the “Pokemon Plays Twitch” article!
10.5: SWD Marionettes; or, The Internet of Unsuspecting Things
10.6: Reversing a Pregnancy Test; or, Bitch better have my money!
10.7: A Brief Description of Some Popular Copy-Protection Techniques on the Apple II Platform
10.8: Reverse Engineering the Tytera MD380
10.9: Tithe us your Alms of 0day!
pocorgtfo11
Date: March 2016
MD5: b7cfc56b3a8878e6ec5986ca1aa7205279b854b9
SHA1: ee696d6b92ac89a8b5a820ce0e2c4f33818a9684
Issue: pocorgtfo11
11.1: Please stand; now, please be seated.
11.2: In Praise of Junk Hacking
11.3: Emulating Star Wars on a Vector Display
11.4: Master Boot Record Nibbles; or, One Boot Sector PoC Deserves Another
11.5: In Search of the Most Amazing Thing; or, Towards a Universal Method to Defeat E7 Protection on the Apple II Platform
11.6: A Tourist’s Phrasebook for Reversing Embedded ARM in the Dialect of the Cortex M Series
11.7: A Ghetto Implementation of CFI on x86
11.8: A Tourist’s Phrasebook for Reversing MSP430
11.9: This HTML page is also a PDF, which is also a ZIP, which is also a Ruby script. which is an HTTP quine; or, The Treachery of Files
11.10: Tithe us your Alms of 0day!
pocorgtfo12
Date: June 2016
MD5: 23f54e6844686c6420fc66a981313b4c
SHA1: d3f40e19ff682cfdac42162e267f6eedbca53809
Issue: pocorgtfo12
12.1: Lisez Moi!
12.2: Surviving the Computation Bomb
12.3: Carols of the Z-Wave Security Layer; or, Robbing Keys from Peter to Unlock Paul
12.4: Content Sniffing with Comma Chameleon
12.5: A Crisis of Existential Import; or, Putting the VM in M/o/Vfuscator
12.6: A JCL Adventure with Network Job Entries
12.7: Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!
12.8: UMPOwn
12.9: A VIM Execution Engine
12.10: Doing Right by Neighbor O’Hara
12.11: Are All Androids Polyglots or Only C-3PO?
12.12: Tithe us your Alms of 0day!
pocorgtfo00
Date: August 2013
MD5: d74949bc9ca4dc265dbf2ff540fe6837
SHA1: 53ca5e7601f891400ad01720b0f3a311e2107395
Issue: pocorgtfo00
00.1: Call to Worship
00.2: iPod Antiforensics
00.3: ELF's are dorky, Elves are cool
00.4: The Pastor Manul Laphroaig’s First Epistle to Hacker Preachers of All Hats, in the sincerest hope that we might shut up about hats, and get back to hacking.
00.5: Returning from ELF to Libc
00.6: GTFO or #FAIL
00.7: A Call for PoC
pocorgtfo01
Date: October 2013
MD5: 151bb48f35895ba75e3c5f4b89b1ba87
SHA1: f7da6dc9a22489f0a1ac71b1720f096c9d81f653
Issue: pocorgtfo01
01.1: Call to Worship
01.2: Four Lines of Javascript that Can’t Possibly Work So why do they?
01.3: Weird Machines from Serena Butler’s TV Typewriter
01.4: Making a Multi-Windows PE
01.5: This ZIP is also a PDF
01.6: Burning a Phone
01.7: A Sermon concerning the Divinity of Languages; or, Dijkstra considered Racist
01.8: A Call for PoC
pocorgtfo02
Date: December 2013
MD5: 39e5658e24a08e786955af1f4d7e2852
SHA1: 2434e76e2d3a4dcd36d0ada363e3a9ed59272f60
Issue: pocorgtfo02
02.1: Call to Worship
02.2: A Parable on the Importance of Tools; or, Build your own fucking birdfeeder.
02.3: A PGP Matryoshka Doll
02.4: Reliable Code Execution on a Tamagotchi
02.5: Some Shellcode Tips for MSP430 and Related MCUs
02.6: 6 Calling putchar() from an ELF Weird Machine.
02.7: POKE of Death for the TRS 80 Model 100
02.8: This OS is also a PDF
02.9: A Vulnerability in Reduced Dakarand from PoC||GTFO 01.2
02.10: Juggernauty
02.11: A Call for PoC
pocorgtfo03
Date: March 2014
MD5: b90e36dbd5f192723c84c7ad002a616e
SHA1: 12330d8fa6d60b60971e97700c48f827153d3920
Issue: pocorgtfo03
03.1: Call to Worship
03.2: Greybeard’s Luck
03.3: This PDF is a JPEG; or, This Proof of Concept is a Picture of Cats
03.4: NetWatch: System Management Mode is not just for Governments.
03.5: An Advanced Mitigation Bypass for Packet-in-Packet; or, I’m burning 0day to use the phrase ‘eighth of a nybble’ in print.
03.6: Prototyping an RDRAND Backdoor in Bochs
03.7: Patching Kosher Firmware for Nokia 2720
03.8: Tetranglix: This Tetris is a Boot Sector
03.9: Defusing the Qualcomm Dragon
03.10: Tales of Python’s Encoding
03.11: A Binary Magic Trick, Angecryption
03.12: A Call for PoC
pocorgtfo04
Date: June 2014
MD5: 895598b7946d5b11adedad2e574b2b24
SHA1: e21c0ca79a09d4c1fdb163135889b1853de58c1e
Issue: pocorgtfo04
04.1: Call to Worship
04.2: First Epistle Concerning the Bountiful Seeds of 0Day
04.3: This OS is a Boot Sector
04.4: Prince of PoC; or, A 16-sector version of Prince of Persia for the Apple II.
04.5: A Quick Introduction to the New Facedancer Framework
04.6: Dumping Firmware from Tamagotchi Friends by Power Glitching
04.7: Lenticrypt: a Provably Plausibly Deniable Cryptosystem; or, This Picture of Cats is Also a Picture of Dogs
04.8: Hardening Pin Tumbler Locks against Myriad Attacks for Less Than a Sawbuck
04.9: Introduction to Reflux Decapsulation and Chip Photography
04.10: Forget Not the Humble Timing Attack
04.11: This Encrypted Volume is also a PDF; or, A Polyglot Trick for Bypassing TrueCrypt Volume Detection
04.12: How to Manually Attach a File to a PDF
04.13: Ode to ECB
04.14: A Call for PoC
pocorgtfo05
Date: August 2014
MD5: 74a17e1cb87cbf1dc31eebe5c7aea639
SHA1: 0dceb78c99442b9f26c596c6ecc6cfa8c5a8e419
Issue: pocorgtfo05
05.1: Call to Worship
05.2: Stuff is broken, and only you know how
05.3: ECB as an Electronic Coloring Book
05.4: An Easter Egg in PCI Express
05.5: A Flash PDF Polyglot
05.6: These Philosophers Stuff on 512 Bytes; or, This Multiprocessing OS is a Boot Sector.
05.7: A Breakout Board for Mini-PCIe; or, My Intel Galileo has less RAM than its Video Card!
05.8: Prototyping a generic x86 backdoor in Bochs; or, I’ll see your RDRAND backdoor and raise you a covert channel!
05.9: From Protocol to PoC; or, Your Cisco blade is booting PoC∥GTFO.
05.10: i386 Shellcode for Lazy Neighbors; or, I am my own NOP Sled.
05.11: Abusing JSONP with Rosetta Flash
05.12: A cryptographer and a binarista walk into a bar
05.13: Ancestral Voices; or, a vision in a nightmare.
05.14: A Call for PoC
pocorgtfo06
Date: November 2014
MD5: 02222f78842741c8b74237abe72f4015
SHA1: 8064f36364e0f664db763d9faed2cb48c1027576
Issue: pocorgtfo06
06.1: Sacrament of Communion with the Weird Machines
06.2: On Giving Thanks
06.3: Gekko the Dolphin
06.4: This TAR archive is a PDF! (as well as a ZIP, but you are probably used to it by now)
06.5: x86 Alchemy and Smuggling with Metalkit
06.6: Detecting MIPS Emulation
06.7: More Cryptographic Coloring Books
06.8: Introduction to Delayering and Reversing PCBs
06.9: Davinci Seal: Self-decrypting Executables
06.10: Observable Metrics
06.11: A Call for PoC
pocorgtfo07
Date: March 2015
MD5: 1cb67f33d8b1a63bf4f729ddf328eba3
SHA1: c0c6eff6b12b9211dd0c795ef052ebf3b09bd8c3
Issue: pocorgtfo07
07.1: With what shall we commune this evening?
07.2: The Magic Number: 0xAA55
07.3: Coastermelt
07.4: Of Scientific Consensus and a Wish That Came True
07.5: When Scapy is too high-level
07.6: Abusing file formats; or, Corkami, the Novella
07.7: Extending crypto-related backdoors to other scenarios
07.8: Innovations with Linux core files for advanced process forensics
07.9: Bambaata speaks from the past.
07.10: Public Service Announcement
07.11: Cyber Criminal’s Song
07.12: Fast Cash for Bugs!
pocorgtfo08
Date: June 2015
MD5: 257fc8f01fa20e21f8bd5577639ff596
SHA1: 1c6e3200a1005f2acd5a8ebf3462be605c83f3a1
Issue: pocorgtfo08
08.1: Please stand; now, please be seated.
08.2: Witches, Warlocks, and Wassenaar; or, On the Internet, no one knows you are a witch.
08.3: Deniable Backdoors Using Compiler Bugs
08.4: A Protocol for Leibowitz; or, Booklegging by HF in the Age of Safe Æther
08.5: Jiggling into a New Attack Vector
08.6: The Hypervisor Exploit I Sat on for Five Years
08.7: Stegosploit
08.8: On Error Resume Next
08.9: Unbrick My Part
08.10: Backdoors up my Sleeve
08.11: Naughty Signals; or, the Abuse of a Raspberry Pi
08.12: Weird cryptography; or, How to resist brute-force attacks.
08.13: Fast Cash for Cyber Munitions!
pocorgtfo09
Date: September 2015
MD5: 4dc7e88a1f88df3f169245af8c148bde
SHA1: b528f168de6242ff06a03d59a4d733fe1e60e56a
Issue: pocorgtfo09
09.1: Please stand; now, please be seated.
09.2: From Newton to Turing, a Happy Family
09.3: Breaking Globalstar Satellite Communications
09.4: Unprivileged Data All Around the Kernels; or, Pool Spray the Feature!
09.5: Second Underhanded Crypto Contest
09.6: Exploiting Out-of-Order-Execution; or, Processor Side Channels to Enable Cross VM Code Execution
09.7: Antivirus Tumors
09.8: Brewing TCP/IPA; or, A Useful Skill for the Zombie Apocalypse
09.9: Shenanigans with APRS and AX.25 for Covert Communications
09.10: Napravi i ti Raˇcunar „Galaksija“
09.11: Root Rights are a Grrl’s Best Friend
09.12: What if you could listen to this PDF?
09.13: Oona’s Puzzle Corner!
09.14: Fast Cash for Cyber Munitions!
pocorgtfo10
Date: January 2016
MD5: a80760ce9298ead26efe566ed031e5f4
SHA1: b7cfc56b3a8878e6ec5986ca1aa7205279b854b9
Issue: pocorgtfo10
10.1: Please stand; now, please be seated.
10.2: Three Ghosts and a Little, Brown Dog
10.3: Pokemon Plays Twitch
10.4: This PDF is also a Gameboy exploit that displays the “Pokemon Plays Twitch” article!
10.5: SWD Marionettes; or, The Internet of Unsuspecting Things
10.6: Reversing a Pregnancy Test; or, Bitch better have my money!
10.7: A Brief Description of Some Popular Copy-Protection Techniques on the Apple II Platform
10.8: Reverse Engineering the Tytera MD380
10.9: Tithe us your Alms of 0day!
pocorgtfo11
Date: March 2016
MD5: b7cfc56b3a8878e6ec5986ca1aa7205279b854b9
SHA1: ee696d6b92ac89a8b5a820ce0e2c4f33818a9684
Issue: pocorgtfo11
11.1: Please stand; now, please be seated.
11.2: In Praise of Junk Hacking
11.3: Emulating Star Wars on a Vector Display
11.4: Master Boot Record Nibbles; or, One Boot Sector PoC Deserves Another
11.5: In Search of the Most Amazing Thing; or, Towards a Universal Method to Defeat E7 Protection on the Apple II Platform
11.6: A Tourist’s Phrasebook for Reversing Embedded ARM in the Dialect of the Cortex M Series
11.7: A Ghetto Implementation of CFI on x86
11.8: A Tourist’s Phrasebook for Reversing MSP430
11.9: This HTML page is also a PDF, which is also a ZIP, which is also a Ruby script. which is an HTTP quine; or, The Treachery of Files
11.10: Tithe us your Alms of 0day!
pocorgtfo12
Date: June 2016
MD5: 23f54e6844686c6420fc66a981313b4c
SHA1: d3f40e19ff682cfdac42162e267f6eedbca53809
Issue: pocorgtfo12
12.1: Lisez Moi!
12.2: Surviving the Computation Bomb
12.3: Carols of the Z-Wave Security Layer; or, Robbing Keys from Peter to Unlock Paul
12.4: Content Sniffing with Comma Chameleon
12.5: A Crisis of Existential Import; or, Putting the VM in M/o/Vfuscator
12.6: A JCL Adventure with Network Job Entries
12.7: Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!
12.8: UMPOwn
12.9: A VIM Execution Engine
12.10: Doing Right by Neighbor O’Hara
12.11: Are All Androids Polyglots or Only C-3PO?
12.12: Tithe us your Alms of 0day!