Backdooring Rust crates for fun and profit
Supply chain attacks are all the rage these days, whether to deliver RATs, cryptocurrency miners, or credential stealers.
https://kerkour.com/rust-crate-backdoor/
@DevMisc
#rust #security #misc
Understanding ID Token
https://darutk.medium.com/understanding-id-token-5f83f50fa02e
@DevMic
#cryptography #learn #misc
Debugging a weird 'file not found' error
Yesterday I ran into a weird error where I ran a program and got the error “file not found” even though the program I was running existed.
https://jvns.ca/blog/2021/11/17/debugging-a-weird--file-not-found--error/
@DevMisc
#debug #docker #misc
A fast port scanner in 100 lines of Rust
https://kerkour.com/rust-fast-port-scanner/
@DevMisc
#rust #nmap
elfshaker
400 GiB -> 100 MiB, with 1s access time.
https://github.com/elfshaker/elfshaker
@DevMisc
#elf #compression #extra
Peculiar Self-References
Here is a tiny Python example that creates a self-referential list and demonstrates the self-reference.
https://susam.in/blog/peculiar-self-references.html
@DevMisc
#python #internals #learn
Code execution as root via AT commands on the Quectel EG25-G modem
Do you remember the guy who got into his PinePhone modem via ADB and hosted his blog on it? He also found an RCE in it.
https://nns.ee/blog/2021/04/03/modem-rce.html
@DevMisc
#security #bugbounty #telephony
Only 90s Web Developers Remember This
https://zachholman.com/posts/only-90s-developers/
@DevMisc
#meme #extra #web
🧵 TIL the assumption that string length does not change when upper-cased is false!
https://chaos.social/@movonw/107316601658567746
@DevMisc
#extra
The New Life of PHP - The PHP Foundation
https://blog.jetbrains.com/phpstorm/2021/11/the-php-foundation/
@DevMisc
#php #web #extra
The Rust CUDA Project
An ecosystem of libraries and tools for writing and executing extremely fast GPU code fully in Rust.
https://github.com/RDambrosio016/Rust-CUDA
@DevMisc
#rust #gpu
Flatpak (and Snap) are not the future
Flatpak calls itself "the future of application distribution". I am not a fan. I’m going to outline here some of the technical, security and usability problems with Flatpak and others.
https://ludocode.com/blog/flatpak-is-not-the-future
@DevMisc
#store
Why IndexedDB is slow and what to use instead
https://rxdb.info/slow-indexeddb.html
@DevMisc
#performance #web
SSRF in Google worth $164 674
Yes, that's an insane bounty amount. The exploit happens on Google Cloud Computing, and finding it requires a ton of perseverance.
https://youtu.be/g-JgA1hvJzA
@DevMisc
#security #bugbounty #google
25 nooby Python habits you need to ditch
These nooby Python habits give away your inexperience in Python. Improve your code and your prestige just a bit by ditching those habits and doing things the Pythonic way.
https://youtu.be/qUeud6DvOWI
@DevMisc
#python #learn
Fun with Red Star OS
Red Star OS is a North Korean Linux distribution, with development first starting in 1998 at the Korea Computer Center (KCC). Prior to its release, computers in North Korea typically used Red Hat Linux and Windows XP.
https://sizeofcat.ru/post/fun-with-redstar-os/
@DevMisc
#extra
Recording myself finding an SSRF in Google
A full video recording of the whole process, from finding an SSRF in Google Cloud and stealing the auth token to bypassing the fix 2 times ($10 000)
https://youtu.be/UyemBjyQ4qA
@DevMisc
#security #bugbounty #google
Overengineering can kill your product
https://www.mindtheproduct.com/overengineering-can-kill-your-product
@DevMisc
#extra