chitchcock

Stevey's Google Platforms Rant

I was at Amazon for about six and a half years, and now I've been at Google for that long. One thing that struck me immediately about the two companies -- an impression that has been reinforced almost daily -- is that Amazon does everything wrong, and Google does everything right. Sure, it's a sweeping generalization, but a surprisingly accurate one. It's pretty crazy. There are probably a hundred or even two hundred different ways you can compare the two companies, and Google is superior in all but three of them, if I recall correctly. I actually did a spreadsheet at one point but Legal wouldn't let me show it to anyone, even though recruiting loved it.

I mean, just to give you a very brief taste: Amazon's recruiting process is fundamentally flawed by having teams hire for themselves, so their hiring bar is incredibly inconsistent across teams, despite various efforts they've made to level it out. And their operations are a mess; they don't real

mlafeldt

Shakespeare Sonnet++ Postmortem (incident #465)

Date

2015-10-21

Authors

• jennifer
• martym

rofl0r

#define _XOPEN_SOURCE 700
#include <signal.h>
#include <unistd.h>

int main()
{
	sigset_t set;
	int status;

	if (getpid() != 1) return 1;

SwitHak

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

• Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
• The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
• The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

• NSA description:
• NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.

d4em0n

#define _GNU_SOURCE
#include <err.h>
#include <stdint.h>
#include <linux/bpf.h>
#include <linux/filter.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <asm/unistd_64.h>
#include <sys/types.h>

QiuhaoLi

/*
 * PoC for CVE-2021-41073, tested on Debian 11 with Linux 5.14
 * For writeup and exp visit https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
 * For liburing visit https://github.com/axboe/liburing
 * gcc -static -o poc poc.c -luring && ./poc
 */

#include <fcntl.h>
#include <stdio.h>
#include <string.h>

j00ru

# Insomni'hack Teaser 2017 "winworld" task exploit
#
# Author:    Mateusz "j00ru" Jurczyk
# Date:      21 January 2017
#
import os
import random
import string
import sys
import struct

mlafeldt

require 'stringex'

POSTS_DIR = '_posts'
BUILD_DIR = '_site'
DEPLOY_DIR = '_deploy'
DEPLOY_BRANCH = 'master'

def git(*args)
  sh 'git', *args
end

lantrix

curl https://youradfsserver.com.au/adfs/services/trust/13/usernamemixed --data @aws_saml_request.xml -H "Content-Type: application/soap+xml"  --verbose -o "saml.xml"

lantrix

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
    <a:To s:mustUnderstand="1">https://youradfsserver.com.au/adfs/services/trust/13/usernamemixed</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
        <o:Username>user@domain.com.au</o:Username>
        <o:Password>password</o:Password>