| -- https://support.microsoft.com/ja-jp/topic/%E3%83%AD%E3%83%BC%E3%83%9E%E5%AD%97%E5%85%A5%E5%8A%9B%E3%81%AE%E3%81%A4%E3%81%A5%E3%82%8A%E4%B8%80%E8%A6%A7%E8%A1%A8%E3%82%92%E7%A2%BA%E8%AA%8D%E3%81%97%E3%81%A6%E3%81%BF%E3%82%88%E3%81%86-bcc0ad7e-2781-cc9a-e524-7de506d8fdae | |
| local roman_kana_table = { | |
| -- common symbols in japanese writings | |
| ['~'] = '~', [','] = '、', ['.'] = '。', ['/'] = '・', | |
| ['-'] = 'ー', ['['] = '「', [']'] = '」', | |
| -- other full-space symbols | |
| -- ['!']='!', ['"']='”', ['#']='#', ['$']='$', ['%']='%', | |
| -- ['&']='&', [''']='’', ['(']='(', [')']=')', ['*']='*', | |
| -- ['+']='+', [',']=',', ['-']='-', ['.']='.', ['/']='/', |
| #!/bin/bash | |
| gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont' |
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
This project is a tiny compiler for a very simple language consisting of boolean expression.
The language has two constants: 1 for true and 0 for false, and 4 logic gates:
! (not), & (and), | (or), and ^ (xor).
It can also use parentheses to manage priorities.
Here is its grammar in BNF format:
expr ::= "0" | "1"
NPM/Node.js recently had a clever, yet simple, code injection attack using "dependency confusion" as the vulnerability. I describe the attack as conducted (simulated, really), and a systemic solution Polyverse has been building for the past two years designed to solve specifically this problem.
A recap of the attack, for baseline:
Node dependencies are specified by name and version but not address/location, i.e., {“sorter”: “1.0”, “binary-search”: “2.0”, “polyverse-billing”: 1.0}.
Notice the last one? It’s intended to be Polyverse internal and contains our proprietary (and sensitive) billing code. Obviously it does not exist on npmjs.com, the public upstream node package repository. It instead comes from a private repository hosted by Polyverse.
In a Sequence Diagram, this is how the flow worked before the attack. Pretty straight-forward.
This is inspired by https://fasterthanli.me/blog/2020/a-half-hour-to-learn-rust/
the command zig run my_code.zig will compile and immediately run your Zig
program. Each of these cells contains a zig program that you can try to run
(some of them contain compile-time errors that you can comment out to play
with)
>>> docker exec -it CONTAINERID /bin/sh
/app # telnet
/bin/sh: telnet: not found
/app # apk update
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
v3.7.0-243-gf26e75a186 [http://dl-cdn.alpinelinux.org/alpine/v3.7/main]
v3.7.0-229-g087f28e29d [http://dl-cdn.alpinelinux.org/alpine/v3.7/community]
This is a compiled list of falsehoods programmers tend to believe about working with time.
Don't re-invent a date time library yourself. If you think you understand everything about time, you're probably doing it wrong.
| Service | SSL | status | Response Type | Allowed methods | Allowed headers |
|---|
