thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless.

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

smx-smx

XZ Backdoor symbol deobfuscation. Updated as i make progress

fnky

ANSI Escape Sequences

Standard escape codes are prefixed with Escape:

• Ctrl-Key: ^[
• Octal: \033
• Unicode: \u001b
• Hexadecimal: \x1B
• Decimal: 27

chronon

Possible values for ext-name:

bcmath
bz2
calendar
ctype
curl
dba
dom
enchant

q3k

0810 b' from '
0678 b' ssh2'
00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
0708 b'%s'
0108 b'/usr/sbin/sshd\x00'
0870 b'Accepted password for '
01a0 b'Accepted publickey for '
0c40 b'BN_bin2bn\x00'
06d0 b'BN_bn2bin\x00'
0958 b'BN_dup\x00'

leommoore

File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files

noxasaxon

Learning Rust

Getting Started + Installation | Cheat Sheet

Table of Contents

1. How Do I Start Learning Rust?!
2. Ok, I Think I Know The Basics But How Do I Get Better?!
3. Rustlang Tooling
4. Helpful References Throughout Your Journey
5. The Rust Community
6. Recommended (but not free) Books & Courses

discordier

javascript

ES6ValidationInspection
JSAccessibilityCheckInspection
JSBitwiseOperatorUsageInspection
JSCheckFunctionSignaturesInspection
JSClosureCompilerSyntaxInspection
JSCommentMatchesSignatureInspection
JSComparisonWithNaNInspection
JSConsecutiveCommasInArrayLiteralInspection

jessarcher

You'll need:

1. Video 4 Linux loopback device kernel module (v4l2loopback) - Source: https://github.com/umlaeute/v4l2loopback (You might find builds in your distro's repos - I'm using Fedora so had to build it myself using https://github.com/danielkza/v4l2loopback-fedora/)
2. gPhoto2 - this is what allows you to access your cameras live feed over USB - this was available in Fedora's repos.
3. GStreamer or ffmpeg - this is what lets you stream the output from gPhoto2 into the loopback device.

It's been a little while since I set it all up so I can't remember all of the installation details, which will probably be different for your distro anyway unless you're using Fedora. Apologies if I have forgotten something as wel.

Running the stream

t3easy

image: an-image-with-docker-and-docker-compose

variables:
  DOCKER_TLS_VERIFY: "1"
  DOCKER_CERT_PATH: ".docker"

before_script:
- mkdir -p $DOCKER_CERT_PATH
- echo "$DOCKER_CA" > $DOCKER_CERT_PATH/ca.pem
- echo "$DOCKER_CERT" > $DOCKER_CERT_PATH/cert.pem