This study focuses on the strategies used by the "xz backdoor", an extremely
complex piece of malware that contains its own x64 disassembler inside of it
to find critical locations in your code and hijacks it by swapping out your
code with its own as it runs. Because this a machine-code based attack,
all code written in any program language can be attacked and is vulnerable.
Instead of targeting sshd directly, the xz
backdoor injects itself in the parent systemd process then hijacks the
GNU Dynamic Linker (ld), before sshd is even started or libcrypto.so is
rok aca
christoofar
/ main.md
Last active
May 14, 2024 04:16
Wrapping a C library call in a defensive Go routine
tang0n
/ pros & cons.txt
Last active
December 31, 2023 20:01
Using Guix Home vs GNU Stow + Guix Package Manager
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *** TODO Decide on home env strategy | |
| Time to think out some pros and cons for `guix home` versus stow: | |
| +--------------+-------------------------------+-----------------------------------+ | |
| | Guix Home vs |Pros |Cons | | |
| | GNU Stow + |Home: 7 |Home: 5 | | |
| | Guix Package |Stow: 9 |Stow: 2 | | |
| | | | | | |
| +--------------+-------------------------------+-----------------------------------+ | |
| | Home & Stow |Distrobution agnostic, portable| | | |
| | |& easy to version control with | | |
habamax
/ vim-useful-text-objects.adoc
Last active
April 15, 2024 12:43
rsms
/ foo.service
Created
October 3, 2020 00:18
Example go http server with systemd socket activation and zero-downtime restart
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description = Foo HTTP server | |
| Requires = foo.socket | |
| After = multi-user.target | |
| [Service] | |
| User = www-data | |
| Group = www-data | |
| WorkingDirectory = /var/foo | |
| ExecStart = /var/foo/bin/foo-server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " Vim syntax file | |
| " Language: Todo | |
| " Maintainer: Huy Tran | |
| " Latest Revision: 14 June 2020 | |
| if exists("b:current_syntax") | |
| finish | |
| endif | |
| " Custom conceal |
todo:
- - update Kibana object to set an antiaffinity (lack aarch64 support)
- - show example of using fluent-bit annotation to highlight what parser to use.
ECK provides a higher baseline for security out of the box, which makes most "quick-start" guides for utilizing as a sink for logging fail. This gist provides details on how to update fluent-bit quick-start guides to work with ECK, utilizing emptyDir for the ES PVC.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| prog_name=${0##*/} | |
| version=1.0 | |
| version_text="Boilerplate for new scripts v$version" | |
| options="h o: q v V" | |
| help_text="Usage: $prog_name [-o <text>] [-hqvV] [<file>]... | |
| Boilerplate for new scripts |
vcastroi
/ css-layout-hack.js
Last active
March 17, 2024 18:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // create a bookmark and use this code as the URL, you can now toggle the css on/off | |
| // thanks+credit: https://dev.to/gajus/my-favorite-css-hack-32g3 | |
| javascript: (function() { | |
| var elements = document.body.getElementsByTagName('*'); | |
| var items = []; | |
| for (var i = 0; i < elements.length; i++) { | |
| if (elements[i].innerHTML.indexOf('* { background:#000!important;color:#0f0!important;outline:solid #f00 1px!important; background-color: rgba(255,0,0,.2) !important; }') != -1) { | |
| items.push(elements[i]); | |
| } | |
| } |
davidalger
/ Enable-macOS-Server-Performance-Mode.md
Last active
December 6, 2023 03:06
Performance mode changes the system parameters of your Mac. These changes take better advantage of your hardware for demanding server applications.
A Mac with macOS Server that needs to run high-performance services can turn on performance mode to dedicate additional system resources for server applications. Note, however, that performance mode can be enabled even without macOS Server being installed to achieve similar benifits for other high-performance services.
sudo nvram boot-args="serverperfmode=1 $(nvram boot-args 2>/dev/null | cut -f 2-)"
sudo reboot
Reference: https://support.apple.com/en-us/HT202528.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Overwrite key bindings by placing them into your key bindings file. | |
| [ | |
| { | |
| "key": "escape escape", | |
| "command": "workbench.action.exitZenMode", | |
| "when": "inZenMode" | |
| }, | |
| { | |
| "key": "shift+escape", | |
| "command": "closeReferenceSearchEditor", |
NewerOlder