Skip to content

Instantly share code, notes, and snippets.

Avatar
🎯
kinda focusing

Ondřej ondrj

🎯
kinda focusing
View GitHub Profile
View things-i-believe.md

Things I believe

This is a collection of the things I believe about software development. I have worked for years building backend and data processing systems, so read the below within that context.

Agree? Disagree? Feel free to let me know at @JanStette. See also my blog at www.janvsmachine.net.

Fundamentals

Keep it simple, stupid. You ain't gonna need it.

View AV2019.txt
https://seclists.org/fulldisclosure/2019/Aug/1
https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67
https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/
https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM
http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html
https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html
View grugq quotes from Downclimb
Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life.
https://twitter.com/thegrugq/status/563964286783877121
--
You can get 25% off a Mandiant incident response with the code: ITWASCHINA. 100% off if you just use that code as the report.
https://twitter.com/thegrugq/status/600345075562909696
--
Fear of 0day is like being terrified of ninjas instead of cardiovascular disease.
https://twitter.com/thegrugq/status/851001030019907588
@johnazariah
johnazariah / free.fs
Created Apr 3, 2018
Free Monad with Trampoline Infrastructure and Computation Builder
View free.fs
// F<'a> is any type with member 'map' of type ('a -> 'b) -> F<'a> -> F<'b>
type F<'a> = QIL<'a>
and S<'a> = F<Q<'a>>
and Q<'a> =
private
| Step of Step<'a>
| Bind of IBind<'a>
with
static member lift (k : F<'a>) : Q<'a> = Step (Suspend (fun () -> S<_>.map (Yield >> Step) k))
View gist:07d8d4c833873be2f68c34f9afc5a78a

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

View codingstandards-0-automatedanalysis.md

THIS DOCUMENT

IS OUT OF

DATE

See https://github.com/lefticus/cppbestpractices/blob/master/00-Table_of_Contents.md Instead!

C++ Coding Standards Part 0: Automated Code Analysis

Automated analysis is the main advantage to working with a modern statically typed compiled language like C++. Code analysis tools can inform us when we have implemented an operator overload with a non-canonical form, when we should have made a method const, or when the scope of a variable can be reduced.

You can’t perform that action at this time.