thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

Dan-Q

<?php
// half-hearted CSS minification
$css = preg_replace(
  array('/\s*(\w)\s*{\s*/','/\s*(\S*:)(\s*)([^;]*)(\s|\n)*;(\n|\s)*/','/\n/','/\s*}\s*/'), 
  array('$1{ ','$1$3;',"",'} '),
  file_get_contents('linked.css')
);

// embed as a data: uri
$base64css = rtrim(strtr(base64_encode($css), '+/', '-_'), '=');

dmccuk

Ansible: Nested and Dynamic Variables

This is a quick demo to show you how to use nested variables, then override them to make them useful in your playbooks.

Subscribe To Me On YouTube: https://bit.ly/lon_sub

Create a role

The first thing we do is create a new role to put our ansible code:

mkdir roles

huytd

How to use:

./wordle.sh

Or try the unlimit mode:

Neo23x0

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

motorailgun

Installing Windows and Linux into the same partition

But WHY?

There was a reddit post about installing Arch on NTFS3 partition. Since Windows and Linux doesn't have directories with same names under the /(C:\), I thought it's possible, and turned out it was actually possible.
If you are not familiar to Linux, for example you've searched on Google "how to dualboot Linux and Windos" or brbrbr... you mustn't try this. This is not practical.

Pre-requirements

• UEFI system
• Any Linux live-boot CD/DVD/USB... with Linux kernel newer than 5.15
• Windows installer USB

nrjdalal

Install QEMU on Silicon based Apple Macs (June 2021)

Option 1 - Automatically

zsh -c "$(curl -fsSL https://raw.githubusercontent.com/nrjdalal/silicon-virtualizer/master/install-qemu.sh)"

Option 2 - Manually

• Install Xcode command line tools

xcode-select --install

citruz

Running Linux and Windows on M1 with QEMU

30.11.2020: Updated with the new patchseries and instructions for Windows

02.12.2020: Added tweaks

08.12.2020: Updated with patchseries v4

31.01.2020: Updated with patchseries v6

abcdw

Nix vs Guix

These are notes to the stream: https://youtu.be/S9V-pcTrdL8

Some notes

• We are not aware of a lot of GNU software available to us.
• Seems that Guix more hacker-friendly/explorable.

General comparsion

Description

Nix

Guix

Comment

vegard

Getting started with Linux kernel development

Prerequisites

The Linux kernel is written in C, so you should have at least a basic understanding of C before diving into kernel work. You don't need expert level C knowledge, since you can always pick some things up underway, but it certainly helps to know the language and to have written some userspace C programs already.

It will also help to be a Linux user. If you have never used Linux before, it's probably a good idea to download a distro and get comfortable with it before you start doing kernel work.

Lastly, knowing git is not actually required, but can really help you (since you can dig through changelogs and search for information you'll need). At a minimum you should probably be able to clone the git repository to a local directory.