Top HN posts
# I'll be doing another one for Linux, but this one will give you
# a pop up notification and sound alert (using the built-in sounds for macOS)
# Requires https://github.com/caarlos0/timer to be installed
# Mac setup for pomo
alias work="timer 60m && terminal-notifier -message 'Pomodoro' \
  -title 'Work Timer is up! Take a Break 😊' \
  -appIcon '~/Pictures/pumpkin.png' \
  -sound Crystal"
' Proof of Concept: retrieving SSN for syscalling in VBA
' Author: Juan Manuel Fernandez (@TheXC3LL)
' Based on:
' https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/
' https://www.crummie5.club/freshycalls/
Private Type LARGE_INTEGER
In the olden days, HTML was prepared by the server, and JavaScript was little more than a garnish, considered by some to have a soapy taste.
After a fashion, it was decided that sometimes our HTML is best rendered by JavaScript, running in a user's browser. While some would decry this new-found intimacy, the age of interactivity had begun.
But all was not right in the world. Somewhere along the way, we had slipped. Our pages went uncrawled by Bing, time to first meaningful paint grew faster than npm, and it became clear: something must be done.
And so it was decided that the applications first forged for the browser would also run on the server. We would render our HTML using the same logic on the server and the browser, and reap the advantages of both worlds. In a confusing series of events a name for this approach was agreed upon: Server-side rendering. What could go wrong?
In dark rooms, in hushed tones, we speak of colours.
#!/bin/bash
gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'
The challenge was to achieve RCE with this file:
<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');
Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).
I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.
This is a rough draft and may be updated with more examples.
GitHub was kind enough to grant me swift access to the Copilot test phase despite me @'ing them several hundred times about ICE. I would like to examine it not in terms of productivity, but security. How risky is it to allow an AI to write some or all of your code?
Ultimately, a human being must take responsibility for every line of code that is committed. AI should not be used for "responsibility washing." However, Copilot is a tool, and workers need their tools to be reliable. A carpenter doesn't have to
! function(e, t) {
"object" == typeof exports && "undefined" != typeof module ? module.exports = t() : "function" == typeof define && define.amd ? define(t) : (e = e || self).hotkeys = t()
}(this, (function() {
"use strict";
function e(t) {
return (e = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(e) {
return typeof e
} : function(e) {
# Kernel sysctl configuration file for Linux
#
# Version 1.14 - 2019-04-05
# Michiel Klaver - IT Professional
# http://klaver.it/linux/ for the latest version - http://klaver.it/bsd/ for a BSD variant
#
# This file should be saved as /etc/sysctl.conf and can be activated using the command:
# sysctl -e -p /etc/sysctl.conf
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and sysctl.conf(5) for more details.