jpluimers

javascript:(function(){ var postID = document.getElementsByName("comment_post_ID")[0]?.value; var a = document.createElement("a"); if ((typeof HighlanderComments === 'undefined') || (HighlanderComments == null)) { a.href = document.querySelector('link[rel="EditURI"]').href; var searchParams = new URLSearchParams(window.location.search); } else { a.href=HighlanderComments.connectURL; }; a.pathname=''; a.search=`?p=${postID}`; a.hash=''; a.target="blank"; a.rel="noopener"; a.text=document.querySelector('meta[property="og:title"]')?.content; prompt("Anchor", a.outerHTML); } )();

jpluimers

javascript:(function(){ var postID = document.getElementsByName("comment_post_ID")[0]?.value; var a = document.createElement("a"); if ((typeof HighlanderComments === 'undefined') || (HighlanderComments == null)) { a.href = document.querySelector('link[rel="EditURI"]').href; var searchParams = new URLSearchParams(window.location.search); } else { a.href=HighlanderComments.connectURL; }; a.pathname='wp-admin/post.php'; a.search=`post=${postID}&action=edit&classic-editor`; a.hash=''; open(a.href); } )();

jpluimers

Alt-text voor https://twitter.com/NLzorg1/status/1777240803921805427

• Tweet/Wayback/Archive (let op: deze Archive link is stuk, want archiveren ging mis)
• Meta/Wayback/Archive

Plaatje 1

Wayback/Archive

![Mantelzorgen met zorgervaring...wat zijn de voor- en

jpluimers

detection@detection:~/Desktop$ time env -i LC_LANG=C LD_PRELOAD=/usr/lib/x86_64-linux-gnu/liblzma.so.5.6.1 /usr/sbin/sshd -h
option requires an argument -- h
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
usage: sshd [-46DdeiqTt] [-C connection_spec] [c host_cert_file]
            [-E log file] [-f config_file] [-g login_grace_time]
            [-h host_key_file] [-o option] [-p port] [-u len]
real    0m0,162s
user    0m0,161s
sys     0m0,000s
detection@detection:~/Desktop$ time env -i LC_LANG=C yolAbejyiejuvnup=Evjtgvsh5okmkAvj LD_PRELOAD=/usr/lib/x86_64-linux-gnu/liblzma.so.5.6.1 /usr/sbin/sshd -h

jpluimers

XZ Backdoor symbol deobfuscation. Updated as i make progress

jpluimers

# -*- coding: utf-8 -*-
# Inspired by https://github.com/turlando/airhead/blob/master/airhead/broadcaster.py
import click
import os
import shouty
import sys
import logging
logger = logging.getLogger('[broadcaster]')

jpluimers

jpluimers

URLs voor NPO

Er is een GraphQL API die vanuit elke mini-player wordt gebruikt: https://api.nporadio.nl/graphql

Elke track vanuit de mini-player geeft ook een call naar een player API url als deze: https://play-api.nporadio.nl/play/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6Im5wb3JhZGlvLWFwaSJ9.eyJpYXQiOjE3MTA1MDE3MTksIm1pZCI6IkxJX1JBNV84MTY3MzYwIn0.lJYb3PkxFbcyrfVJf0Eq-xpgad1kN2LBJF1I2ANfTzI

Het lijkt erop dat http gebaseerde icecast streams in Google Chrome vanzelf gaan afspelen, maar https gebaseerde streams niet:

• http://icecast.omroep.nl/radio6-bb-mp3
• https://icecast.omroep.nl/radio6-bb-mp3

jpluimers

jpluimers

<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
<head>
    <title>Sign in to your account</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">