Using Hermes’s Quicksort to run Doom: A tale of JavaScript exploitation
https://engineering.fb.com/2022/07/20/security/hermes-quicksort-to-run-doom/
https://engineering.fb.com/2022/07/20/security/hermes-quicksort-to-run-doom/
Engineering at Meta
Using Hermes’s Quicksort to run Doom: A tale of JavaScript exploitation
At Meta, our Bug Bounty program is an important element of our “defense-in-depth” approach to security. Our internal product security teams investigate every bug submission to assess its maximum po…
PART 1: How I Met Your Beacon – Overview
…During this research we will outline a number of effective strategies for hunting for beacons, supported by our BeaconHunter tool that we developed to execute these strategies and which we intend to open source in due course. In the following posts to this research, we will then step in to a number of case studies for applying these detections to a variety of both commercial and open source frameworks…:
https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
…During this research we will outline a number of effective strategies for hunting for beacons, supported by our BeaconHunter tool that we developed to execute these strategies and which we intend to open source in due course. In the following posts to this research, we will then step in to a number of case studies for applying these detections to a variety of both commercial and open source frameworks…:
https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
MDSec
PART 1: How I Met Your Beacon - Overview - MDSec
Introduction Its no secret that MDSec provides a commercial command-and-control framework with a focus on evasion for covert operations. With this in mind, we are continuously performing on-going R&D in...
Moving from NGINX to Caddy v2
https://seanchenpiano.com/pianonotes/2021/09/11/moving-from-nginx-to-caddy-v2/
https://seanchenpiano.com/pianonotes/2021/09/11/moving-from-nginx-to-caddy-v2/
pianonotes by Sean Chen
Moving from NGINX to Caddy v2
Motivation
EDIT: I had a misconfiguration that bit me in the ass recently (along with blindly updating Go to 1.17). Code below is updated.
I recently decided to try Caddy v2 for my personal home server, and had such a good and easy time with it that I…
EDIT: I had a misconfiguration that bit me in the ass recently (along with blindly updating Go to 1.17). Code below is updated.
I recently decided to try Caddy v2 for my personal home server, and had such a good and easy time with it that I…
Bolt like as Ansible alternative
Bolt is an open source orchestration tool that automates the manual work it takes to maintain your infrastructure.
* https://puppet.com/docs/bolt/latest/bolt.html
#tool
Bolt is an open source orchestration tool that automates the manual work it takes to maintain your infrastructure.
* https://puppet.com/docs/bolt/latest/bolt.html
#tool
Artillery - Cloud-scale performance testing
Very easy tool for web services benchmarking…:
* https://www.artillery.io
#tool
Very easy tool for web services benchmarking…:
* https://www.artillery.io
#tool
Artillery
Artillery · Full-stack performance & reliability testing
Keep production reliable, customers happy, and pagers silent.
2022-unit42-incident-response-report-final.pdf
3.1 MB
2022 Unit 42 Incident Response Report
Executive Summary: Every week brings news about threat actors—new campaigns, new groups, new types of attacks, new targets. Defenders can easily wind up playing catchup, but what does it take to flip the noscript?..
Big report abpout of top attacks trends and etc.
Executive Summary: Every week brings news about threat actors—new campaigns, new groups, new types of attacks, new targets. Defenders can easily wind up playing catchup, but what does it take to flip the noscript?..
Big report abpout of top attacks trends and etc.
Build an automated ecommerce app with WhatsApp Cloud API and Node.js
https://blog.logrocket.com/build-ecommerce-app-whatsapp-cloud-api-node-js/
https://blog.logrocket.com/build-ecommerce-app-whatsapp-cloud-api-node-js/
LogRocket Blog
Build an automated ecommerce app with WhatsApp Cloud API and Node.js - LogRocket Blog
The newly open-sourced WhatsApp Business API provides a new channel for ecommerce businesses to engage customers.
7 Daily Hacks For Programmers To Make Coding Skills Faster
https://dev.to/devsimc/7-daily-hacks-for-programmers-to-make-coding-skills-faster-a68
https://dev.to/devsimc/7-daily-hacks-for-programmers-to-make-coding-skills-faster-a68
DEV Community
7 Daily Hacks For Programmers To Make Coding Skills Faster
In 21st century, programming is everywhere. Some people are passionate about programming languages....
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself
Microsoft News
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware…
2207.05267.pdf
1.2 MB
Indoor optical fiber eavesdropping approach and its avoidance
🪢 A fast native data type for manipulating large strings in Redis
https://github.com/ekzhang/redis-rope
https://github.com/ekzhang/redis-rope
GitHub
GitHub - ekzhang/redis-rope: 🪢 A fast native data type for manipulating large strings in Redis
🪢 A fast native data type for manipulating large strings in Redis - ekzhang/redis-rope
Gum - A tool for glamorous shell noscripts. Leverage the power of Bubbles and Lip Gloss in your noscripts and aliases without writing any Go code
https://github.com/charmbracelet/gum
#tool #review
https://github.com/charmbracelet/gum
#tool #review
GitHub
GitHub - charmbracelet/bubbles: TUI components for Bubble Tea 🫧
TUI components for Bubble Tea 🫧. Contribute to charmbracelet/bubbles development by creating an account on GitHub.
The Four Golden Signals for SRE
The four golden signals of monitoring are latency, traffic, errors, and saturation. If you can only measure four metrics of your user-facing system, focus on these four…:
https://sre.google/sre-book/monitoring-distributed-systems/#xref_monitoring_golden-signals
The four golden signals of monitoring are latency, traffic, errors, and saturation. If you can only measure four metrics of your user-facing system, focus on these four…:
https://sre.google/sre-book/monitoring-distributed-systems/#xref_monitoring_golden-signals
Top Trending Python Frameworks Today
https://www.codemotion.com/magazine/backend/languages/top-python-frameworks/
https://www.codemotion.com/magazine/backend/languages/top-python-frameworks/
Codemotion Magazine
Top Trending Python Frameworks Today
Python is a popular, stable and easy-to-use coding language. Learn about its best frameworks for web applications, data science and more.
OctoSQL - is a query tool that allows you to join, analyse and transform data from multiple databases and file formats using SQL:
https://github.com/cube2222/octosql
https://github.com/cube2222/octosql
GitHub
GitHub - cube2222/octosql: OctoSQL is a query tool that allows you to join, analyse and transform data from multiple databases…
OctoSQL is a query tool that allows you to join, analyse and transform data from multiple databases and file formats using SQL. - cube2222/octosql
Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service (LSASS)
Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes. And if they’re a bit more tech-savvy, they’ll use the NtQuerySystemInformation system call directly.
Although this post will focus on obtaining a PID specifically for LSASS, the methods described here can be adapted to resolve PIDs for any process. Some of these are well known and have been discussed before, but there’s also a few new ones that many readers won’t be familiar with…
* https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/
Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes. And if they’re a bit more tech-savvy, they’ll use the NtQuerySystemInformation system call directly.
Although this post will focus on obtaining a PID specifically for LSASS, the methods described here can be adapted to resolve PIDs for any process. Some of these are well known and have been discussed before, but there’s also a few new ones that many readers won’t be familiar with…
* https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/
MDSec
Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service (LSASS) - MDSec
Introduction Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes....
What Is Bun.js and Why Is the JavaScript Community Excited About It?
https://www.makeuseof.com/what-is-bunjs-why-the-javanoscript-community-excited/
https://www.makeuseof.com/what-is-bunjs-why-the-javanoscript-community-excited/
MUO
What Is Bun.js and Why Is the JavaScript Community Excited About It?
Bun.js is a new JavaScript runtime but why are so many developers excited by it?