EdOverflow

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

stevenringo

Sessions

Code	Title	Duration	Link
Keynote	Andy Jassy Keynote Announcement Recap	0:01	https://www.youtube.com/watch?v=TZCxKAM2GtQ
Keynote	AWS re:Invent 2016 Keynote: Andy Jassy	2:22	https://www.youtube.com/watch?v=8RrbUyw9uSg
Keynote	AWS re:Invent 2016 Keynote: Werner Vogels	2:16	https://www.youtube.com/watch?v=ZDScBNahsL4
Keynote	[Tuesday Night Live with Jame

yefim

{
  "AWSEBDockerrunVersion": "1",
  "Image": {
    "Name": "<AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/<NAME>:<TAG>",
    "Update": "true"
  },
  "Ports": [
    {
      "ContainerPort": "443"
    }

paulp

// [info] Running p.Run
// List(Fish(Bob, Esq.,12), Kitty(Thor, Esq.,java.awt.Color[r=255,g=200,b=0]))

import java.awt.Color

package p {
  trait Pet[A] {
    def name(a: A): String
    def renamed(a: A, newName: String): A
  }

pathikrit

case class Node(value: Int, next: Option[Node])
 
def reverse(node: Node, prev: Option[Node] = None): Node = {
  val reversed = node.copy(next = prev)
  node.next map {reverse(_, Some(reversed))} getOrElse reversed
} 
/****************************************************************/
val one = Node(1,Some(Node(2,Some(Node(3,None)))))
println(s"$one\n${reverse(one)}")

pathikrit

val n = 9
val s = Math.sqrt(n).toInt
type Board = IndexedSeq[IndexedSeq[Int]]
 
def solve(board: Board, cell: Int = 0): Option[Board] = (cell%n, cell/n) match {
  case (r, `n`) => Some(board)
  case (r, c) if board(r)(c) > 0 => solve(board, cell + 1)
  case (r, c) =>
    def guess(x: Int) = solve(board.updated(r, board(r).updated(c, x)), cell + 1)  
    val used = board.indices.flatMap(i => Seq(board(r)(i), board(i)(c), board(s*(r/s) + i/s)(s*(c/s) + i%s)))

imjasonh

* {
    font-size: 12pt;
    font-family: monospace;
    font-weight: normal;
    font-style: normal;
    text-decoration: none;
    color: black;
    cursor: default;
}

andreas

package main

import (
	"bytes"
	"crypto/rand"
	"encoding/gob"
	"fmt"
	"io/ioutil"
	"os"
	"time"

JoshRosen

Confusing Scala serialization puzzle

This writeup describes a tricky Scala serialization issue that we ran into while porting Spark to Scala 2.11.

First, let's create a factory that builds anonymous functions:

class FunctionFactory extends Serializable {
  // This method returns a function whose $outer scope is this class.
  // Note that the function does not reference any variables in this scope,

hihellobolke

      
      
      // Create Vertices
      val users: RDD[(VertexId, (String, String))] = sc.parallelize(Array(
        //Alice her bank is HSBC, she has APPL shares
        (1000L, ("human", "Alice")),
        (1001L, ("bank", "HSBC")),
        (1002L, ("shares", "APPL")),

        //Transaction vertices