RIAEvangelist/node-ipc is malware / protestware
The RIAEvangelist/node-ipc module contains protestware peacenotwar.
Excerpt from RIAEvangelist/node-ipc:
as of v11.0.0 & v9.2.2 this module uses the peacenotwar module.
You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition so here is the proof that the challenge was in fact solvable! :)
- Link to the challenge: https://capturetheflag.withgoogle.com/challenges/web-security-driven
- Link to the PoC: https://github.com/google/google-ctf/tree/master/2021/quals/web-security-driven/solution
The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only admin had access to it, because the file was private.
Disclaimer: The write-up is written on an airplane, therefore the quality of it is poor, mostly to showcase the required steps to solve the challenge
(() => {
  let gadgets = [];
  if (typeof _satellite !== 'undefined') {
    gadgets.push('Adobe Dynamic Tag Management');
  }
  if (typeof BOOMR !== 'undefined') {
    gadgets.push('Akamai Boomerang');
  }
This is inspired by A half-hour to learn Rust and Zig in 30 minutes.
Your first Go program as a classical "Hello World" is pretty simple:
First we create a workspace for our project:
{
  "token": "[token]",
  "job": "notifySlack",
  "ref": "refs/pull/4/merge",
  "sha": "[shad]",
  "repository": "colbyfayock/demo-github-actions",
  "repository_owner": "colbyfayock",
  "repositoryUrl": "git://github.com/colbyfayock/demo-github-actions.git",
  "run_id": 120667610,
  "run_number": "2",
import semver from 'semver' // I want this to be bundled in
import './node_modules/abc/abc.js' // this is vanilla JS, I expect this to be imported in the global scope
import * as myData from './mydata.json' // this is just json data I'm working with
async function myOwnThing() {
  return some_data_object_here;
}
return myOwnThing();
👉 Snyk Blog | Node.js release fixes a critical HTTP security vulnerability
Thanks a lot Snyk team for the support! ❤️
#!/usr/bin/env php
<?php
$plugins = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-plugin' );
$muplugins = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-muplugin' );
$dropins = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-dropin' );
$themes = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-theme' );
$plugins_json = json_decode( $plugins, true )['packageNames'];
$muplugins_json = json_decode( $muplugins, true )['packageNames'];