Both things have been introduced recently, and let you access even private ec2 instances
- Without VPN
- No open SSH port
- Authentication / Authorization is fully delegated to IAM
# Assumes valid AWS Credentials in ENV
import re
from urllib.parse import unquote

FLAGS = re.IGNORECASE | re.DOTALL
# Escaped forms of '$', '{' and '}' (JS unicode, percent, hex and octal escapes);
# the stray empty alternative ('||') in ESC_DOLLAR was removed so it no longer matches the empty string
ESC_DOLLAR = r'(?:\$|[\\%]u0024|\\x24|\\0?44|%24)'
ESC_LCURLY = r'(?:\{|[\\%]u007B|\\x7B|\\173|%7B)'
ESC_RCURLY = r'(?:\}|[\\%]u007D|\\x7D|\\175|%7D)'
_U_PERCENT_ESCAPE_RE = re.compile(r'%(u[0-9a-f]{4})', flags=FLAGS)
_PERCENT_ESCAPE_RE = re.compile(r'%[0-9a-f]{2}', flags=FLAGS)
#!/usr/bin/env python
from __future__ import print_function
import json
import logging
from urllib2 import Request, urlopen, URLError, HTTPError
from base64 import b64decode
Flamegraphing in Rust can now be done with a new cargo
subcommand. Please check this out before embarking on the legacy journey below:
https://github.com/flamegraph-rs/flamegraph
perf, using Brendan Gregg's guide:
http://www.brendangregg.com/perf.html#Prerequisites
flamegraph from repo:
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
Requiring ICs to demonstrate business impact for promotion is, at best, imprecise, and, at worst, disingenuous. Instead, two more valuable and precise measures are:
Engineering ICs cannot plan to affect business impact in a foolproof way -- even if an IC had the means to evaluate the impact of their project, it's rare that they are empowered to select projects. Impactful projects are driven partly by luck: whether the project was timely/actually important, whether you get assigned that project, and whether you are given the resources to make the project successful. The influence of luck on impact often pushes engineers to do short-term/unrisky work, when long-te
Using perf:
$ perf record -g binary
$ perf script | stackcollapse-perf.pl | rust-unmangle | flamegraph.pl > flame.svg
NOTE: See @GabrielMajeri's comments below about the -g option.
FWIW: I (@rondy) am not the creator of the content shared here, which is an excerpt from Edmond Lau's book. I simply copied and pasted it from another location and saved it as a personal note, before it gained popularity on news.ycombinator.com. Unfortunately, I cannot recall the exact origin of the original source, nor was I able to find the author's name, so I can't provide the appropriate credits.
// Comcast Cable Communications, LLC Proprietary. Copyright 2014.
// Intended use is to display browser notifications for critical and time sensitive events.
var _ComcastAlert = (function(){
return {
SYS_URL: '/e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do'
, dragObj: {zIndex: 999999}
, browser: null
, comcastCheck: 1
, comcastTimer: null
, xmlhttp: null
# Dependencies
# nginx_lua
# lua uuid module (luarocks install uuid)
http {
# this will be the request id
map $host $request_uuid {
default '';
}