GitHub Bug Bounty Experience provides an overview of the author's experience participating in GitHub's bug bounty program. The summary includes 3 key points:
1) The author is an information security engineer who participated in GitHub's bug bounty program to find vulnerabilities for monetary rewards, as well as for fun and the challenge.
2) Through analyzing GitHub Enterprise's virtual machine images and Ruby applications, the author discovered several security issues like hardcoded credentials, lack of input validation, and potential for command injection.
3) By probing the Babeld SVN proxy service, the author found ways to bypass authentication and potentially cause denial of service through excessive requests.
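As an added illustration of the command-injection class the summary names (example code written for this page, not code from the talk, from the author's report or from GitHub Enterprise), the Ruby below shows why interpolating an untrusted value into a single command string is dangerous, and the two fixes a reviewer would ask for: pass the command as an argv array so no shell is involved, and validate the value against the grammar it is supposed to have. The `echo` command, the `ref` parameter and the `SAFE_REF` pattern are stand-ins chosen for the example.

```ruby
require 'open3'

# Added illustrative example, not code from the talk or from GitHub Enterprise.
# The command ("echo"), the parameter name ("ref") and SAFE_REF are stand-ins.

# VULNERABLE: a single string is handed to /bin/sh, so shell metacharacters in
# `ref` (";", "|", "$(...)", backticks) are interpreted by the shell.
def run_vulnerable(ref)
  out, _status = Open3.capture2("echo #{ref}")
  out
end

# FIX 1: argv form. Ruby executes the program directly, no shell is spawned,
# and `ref` arrives as exactly one literal argument however it is spelled.
# This stops shell injection but not argument injection: a value starting
# with "-" could still be read by the program as an option.
def run_argv(ref)
  out, _status = Open3.capture2('echo', ref)
  out
end

# FIX 2: positive validation. A git-ref-like value has a narrow grammar
# (here: starts alphanumeric, then [A-Za-z0-9._/-], at most 255 chars);
# reject anything outside it before it reaches a subprocess or a log line.
SAFE_REF = /\A[A-Za-z0-9][A-Za-z0-9._\/-]{0,254}\z/

def run_validated(ref)
  raise ArgumentError, "rejected ref: #{ref.inspect}" unless ref.match?(SAFE_REF)
  run_argv(ref)
end

if __FILE__ == $PROGRAM_NAME
  payload = 'main; echo INJECTED'   # constructed attacker input
  puts run_vulnerable(payload)      # two lines: "main" and "INJECTED"
  puts run_argv(payload)            # one line: the payload, taken literally
  begin
    run_validated(payload)
  rescue ArgumentError => e
    puts e.message                  # rejected before any subprocess runs
  end
end
```

Run it once to see the three behaviours side by side; the argv form alone already defeats the `;` payload, and the validation step is what closes the remaining argument-injection gap.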
101 4.3 control mounting and unmounting of filesystems v2 (Acácio Oliveira)
This document discusses Linux filesystems and mounting. It covers mounting filesystems manually and automatically at boot, configuring mount points, and controlling mounting and unmounting with commands like mount and umount. It also discusses the /etc/fstab file for defining filesystem mounts and examples of mount points. Finally, it briefly introduces the Logical Volume Manager (LVM) for managing logical volumes on physical storage devices.
This document provides instructions for configuring PC routing and Squid proxy server on a Linux system. It describes how to enable IP forwarding and NAT, install and configure Squid, set up directories for caching and blocking files, input blocked site keywords, reload the configuration, and set NAT rules to redirect port 80 traffic to the Squid proxy port 3128.
The document provides guidelines for deploying an L.N.M.P environment on a 64-bit server. It specifies directory locations for source code, installed software, scripts and logs. It also outlines steps to update the system, install and configure MySQL, Nginx, PHP and other packages, including compiling Nginx with specific modules and options, setting Nginx as a service, and enabling syntax highlighting for Nginx configuration files.
The document discusses hardening Linux servers against security threats. It begins by introducing the speaker and explaining the importance of hardening systems assuming an attacker has gained access. It then provides recommendations for various hardening techniques including: updating systems, removing unnecessary packages and users, securing SSH access, configuring firewalls and remote logging, auditing systems, and restricting access to things like temporary directories and compilers. The document is a guide that walks through steps to harden a Linux server across several areas.
4.3 control mounting and unmounting of filesystems v2 (Acácio Oliveira)
This document discusses filesystem mounting in Linux. It covers mounting filesystems manually and automatically at boot, as well as mounting removable filesystems. Key tools for mounting (mount) and unmounting (umount) filesystems are described. The /etc/fstab file for configuring automatic mounts and mount points are explained. Logical Volume Management (LVM) is also summarized as providing logical drives that can grow and span physical devices.
The document discusses Day 2 operations for an OpenStack meetup in Ottawa on September 26, 2017. It provides information on setting up monitoring of OpenStack infrastructure with Nagios and the Elastic stack, including Elasticsearch, Kibana, Filebeat, and Metricbeat. It also discusses setting up the Dynatrace cloud monitoring solution for OpenStack, including the Dynatrace Security Gateway and OneAgents. Correlation of metrics, events, and data is highlighted as important for monitoring OpenStack services, applications, and the overall user experience.
This document provides details on Day 2 operations for an OpenStack Meetup on September 27, 2017 in Montreal. It includes an agenda for the day which involves setting up and configuring monitoring tools like Nagios, Elastic Stack, Filebeat, Metricbeat and Monasca Agent to monitor an OpenStack cloud deployment. It also discusses using Dynatrace to monitor the OpenStack deployment, correlate metrics and events, and provide real user monitoring.
How to install OpenStack MITAKA --allinone - cheat sheet - (Naoto MATSUMOTO)
27-Jun, 2016
SAKURA Internet, Inc. / SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
[ElasticStack] What happens when you visualize servers exposed to the world? (Masamitsu Maehara)
Dionaea and Cowrie are low-interactive honeypots that can be installed on AWS to gather malware samples from attackers. Beats are used to ship logs from the honeypots to Elasticsearch via Logstash. The Grok filter in Logstash parses the ClamScan log format into key-value pairs to normalize the data before storing it in Elasticsearch. This allows the malware detections to be visualized in Kibana for real-time surveillance of malware activity.
Setting up an L2TP/IPsec VPN client under Docker (Nicolas Trauwaen)
This document describes how to set up a L2TP/IPsec VPN client within a Docker container. It provides details on:
1) The motivation for putting the VPN client in a container, including easier deployment and configuration.
2) The components used - including Ubuntu, StrongSwan for IPsec, and Xl2tpd for L2TP.
3) The steps to build a Docker image with these components and configure it using environment variables to connect to a VPN server.
4) How to run the Docker container, check the VPN connection status, and next steps to improve the image size and routing.
101 4.3 control mounting and unmounting of filesystems (Acácio Oliveira)
This document discusses mounting and unmounting filesystems in Linux. It covers key topics like manually mounting and unmounting filesystems, configuring mounting on boot using /etc/fstab, creating mount points, and utilities like mount, umount, blkid, and fstab. Examples are provided of mounting partitions and removable drives, unmounting safely, and configuring mount points in both Fedora and Ubuntu systems.
This document discusses Linux namespaces and containers. It provides examples of creating and using namespaces for mounts, UTS, PID, IPC, and networking. It also discusses how Docker uses namespaces and thin provisioning to implement containers. Key points include:
- Namespaces isolate processes into separate views of resources like mounts, network, UTS, PID
- Docker containers are based on namespaces and use a thin provisioned loopback file as the container root filesystem.
The document provides instructions for updating the FreeBSD 7.2 ports tree on a WebServer. The following steps are outlined:
1. Log in as the user "sermpan" and su to root.
2. Extract a backup of the ports tree files from /backups/distfiles72.tar.
3. Install and clean the cvsup port to update the ports tree files.
The document provides steps to install and configure OpenVPN on CentOS to create a VPN server. It describes installing required packages, setting up bridging and network interfaces, generating certificates using EasyRSA, configuring iptables, and writing server and client configuration files.
Booting directly openSUSE ISO file by grub2 @ openSUSE Asia Summit 2015 (Kentaro Hatori)
This document summarizes Kentaro Hatori's presentation on booting directly from openSUSE ISO files using grub2. It provides background on Hatori and his involvement in several Japanese open source and Linux communities. It then discusses Koedo LUG, a local Linux user group in Kawagoe-city, Japan. The main topic is examples of grub2 configuration files for booting many different Linux distributions directly from ISO files, including openSUSE, Ubuntu, Fedora, and more. It notes difficulties booting openSUSE ISO files directly and emphasizes having fun with Linux as most important.
Installation of Subversion on Ubuntu,... (wensheng wei)
The document provides instructions for installing Subversion on Ubuntu with Apache, SSL, and BasicAuth to allow hosting SVN repositories on a web server, including installing necessary packages, configuring Apache with a SSL certificate and virtual host, creating repositories under /var/svn, setting up authentication using htpasswd, and enabling WebDAV and SVN support in Apache.
Install and Configure Ubuntu for Hadoop Installation for beginners (Shilpa Hemaraj)
Covered each and every step to configure Ubuntu. Used VMware Workstation 10.
Note: I am a beginner, so I might have used some technical words wrong, but it is working perfectly fine.
This document provides instructions for installing OpenStack Kilo using RDO on a single node or on a 3 node environment consisting of a controller, network, and compute node. For a single node installation, it describes installing the necessary RPMs and packages and then running packstack. For a 3 node installation, it provides steps to configure each node including network interfaces and sysctl settings, and then generate an answer file and run packstack on the controller node.
1. The document summarizes the author's experience setting up Chainer environments and comparing Chainer's performance on different hardware configurations.
2. When running a MNIST training example on a ThinkPad X260 laptop, it took 714 seconds to complete 20 epochs. On an AWS p2.xlarge instance with a GPU, it took 111 seconds, around 6.4 times faster than the laptop.
3. Estimated time for a Raspberry Pi 3 was over 18 hours, over 600 times slower than the GPU instance and over 90 times slower than the laptop.
This document discusses using strace to trace system calls made by Perl programs. It provides examples of using strace to trace a web application's interactions with a database and memcached. Specifically, it shows strace output for MySQL and memcached requests, and analyzes strace logs to diagnose a slow cache retrieval issue and the "thundering herd problem".
WordPress with Nginx on virtualization, jail (Jongseok Choi)
This document describes how to set up a FreeBSD jail to host a WordPress site using Nginx and PHP-FPM. It includes steps for creating the jail using ZFS, installing a FreeBSD base system, configuring network interfaces and jail, installing Nginx, PHP-FPM, MySQL, and WordPress, and configuring the web server and database. The host system is configured to proxy and route requests to the jail using Nginx and PF.
How to manage Microsoft Azure with open source (Taehee Jang)
This document provides instructions for managing Microsoft Azure with open source tools. It discusses Bash on Ubuntu on Windows, the Azure CLI, Juju, and running Docker on Bash on Ubuntu on Windows. Specific commands and steps are provided to install tools, manage resources on Azure, deploy services, and connect Docker between the Windows and Ubuntu environments.
This document provides instructions and links for installing the necessary software for a JRuby on Rails tutorial, including the Java Development Kit (JDK), MySQL, GlassFish, and JRuby. The JDK 6 update 13 is the preferred version, with JDK 5 as the minimum. Links are included for downloading the JDK for Linux, OS X, and Windows systems, as well as for MySQL, GlassFish, and JRuby.
This document discusses the Puppet configuration management tool. It provides an overview of Puppet including its open source nature, supported platforms, file structure, and types of resources it can manage like files, packages, services. It also discusses Facter for collecting system facts. Several examples are shown of how to configure files, packages, services. Finally Amazon EC2 is mentioned as a way to deploy Puppet in a scalable environment.
Repositor.io is a tool for managing local Linux software repositories that mirrors online repositories. It supports YUM and APT repositories for distributions like RHEL, CentOS, Debian, and Ubuntu. The document provides instructions on installing and configuring repositor.io, including examples for setting up repositories for CentOS, Debian, Ubuntu, and custom repositories. It also describes how to use repositor.io to set up a private Docker registry.
In this PowerPoint, learn how a security policy can be your first line of defense. Servers running AIX and other operating systems are frequent targets of cyberattacks, according to the Data Breach Investigations Report. From DoS attacks to malware, attackers have a variety of strategies at their disposal. Having a security policy in place makes it easier to ensure you have appropriate controls in place to protect mission-critical data.
Presentation at March 2019 Dutch Postgres User Group Meetup on lessons learnt while migrating from Oracle to Postgres, demo'ed via vagrant test environments and using generic pgbench datasets.
Logstash for SEO: how to monitor web server logs in real time (Andrea Cardinale)
This document discusses using Logstash to collect, parse, and analyze log files. It begins with an introduction to logs and Logstash. It then covers installing and configuring Logstash - including using inputs to collect logs, filters to parse and transform data, and outputs to send parsed logs to a storage system. The document demonstrates a Logstash configuration to collect Apache access logs, parse fields using Grok, and output to Elasticsearch for analysis with Kibana. It concludes with tips on using Logstash for SEO-related tasks like analyzing crawler behavior and page load speeds.
Openstack Third-Party CI and the review of a few Openstack Infrastructure pro... (Evgeny Antyshev)
Presentation for QA:Conference, held in Moscow, Russia, on April 23rd.
Author: Evgeny Antyshev, Virtuozzo
These slides cover some OpenStack Infrastructure tools that ease the task of creating generic CI systems. As an illustration, I set up a "model" CI stand to test the Libvirt project. Important ideas that originated in OpenStack testing are also mentioned: pre-review integration testing, testing infrastructure in a cloud, project gating, etc.
Real World Lessons on the Pain Points of Node.js Applications (Ben Hall)
The document discusses several pain points experienced with Node.js applications and solutions for resolving them. It covers creating a strong foundation by upgrading to Node.js v5, locking down NPM dependencies, handling errors properly with try/catch blocks and promises, deploying applications using Docker for scaling, addressing security issues, and using tools like debug and profilers to improve performance.
GitHub has invested heavily in security and, as the world's largest open-source platform, also has the ideal basis for analysing dependencies and vulnerabilities in widely used libraries and notifying users about them. In both public and private repositories on GitHub Enterprise Cloud and GitHub Enterprise Server, a wide range of security features is available under the name "GitHub Advanced Security".
This talk shows how the Code Scanning, Secret Scanning and Dependency Review features work. GitHub Actions and Pull Requests round out the toolbox for a successful DevSecOps process.
How to Design a Great API (using flask) [ploneconf2017] (Devon Bernard)
How do you build an API that developers love building and consumers love using?
There's a lot that goes into creating a great API. This presentation shares some tips & tricks, architectural patterns, and best practices that go into building a great engineering environment around your API.
Talk presented on Oct 18, 2017 at PloneConf2017.
Topics covered by this talk:
Intuitive Practices:
standardization, configuration/environment files, ORMs, SQLAlchemy, database migrations, Alembic, database seeds, requirements.txt, package management, dependency management, setup scripts
Durable Practices:
Unit Tests, virtual environments, flush vs commit, error rollbacks, request lifecycle, session lifecycle
Flexible Practices:
Directory structures, application factories, blueprints, python debugger
Reliable Practices:
Logging, progressive rollouts, slack hooks, cron health checks, api versioning, api analytics
Use Friendly Practices:
Endpoint design, endpoint documentation, debugging tools, postman
Speed Practices:
Python profiling, Bulk SQL Inserts, caching
Automating Container Deployments on Virtualization with Ansible: OpenShift on... (Laurent Domb)
Virtual machines and containers are not necessarily in competition - in fact, in many situations they are complementary. And the deployment of containers and their underlying VMs can be completely automated with Ansible - providing an on demand environment for production and development. Find out how in this session with Laurent Domb of Red Hat. He will provide slides and a demonstration.
Developing with the Go client for Apache Kafka (Joe Stein)
This document summarizes Joe Stein's go_kafka_client GitHub repository, which provides a Kafka client library written in Go. It describes the motivation for creating a new Go Kafka client, how to use producers and consumers with the library, and distributed processing patterns like mirroring and reactive streams. The client aims to be lightweight with few dependencies while supporting real-world use cases for Kafka producers and high-level consumers.
Play Framework is an open-source web application framework for Java and Scala that follows the model-view-controller (MVC) architectural pattern. It supports dependency injection, routing, and asynchronous programming. Some key features include routing, controllers, database access using Slick, evolutions for database schema changes, and support for functional programming concepts like Option, Either, and Future.
This document discusses packaging Ruby and Rails applications for production. It covers using system packages versus gems, configuration management tools like Chef and Puppet, creating Debian packages, packaging gems, build servers, pain points like outdated Rubygems packages, and ideas for deeper Bundler integration and packaging gems by default. Overall it presents strategies for deploying Ruby applications as system packages for production servers.
The document discusses using Docker and Docker Compose to run Python and Django applications. It shows commands for pulling Docker images, running containers, linking databases, mounting volumes, building images, and using Docker Compose to define and run multi-container applications. Key aspects covered include using Dockerfiles to build images, linking containers, mounting host directories as volumes, setting environment variables, and running commands on container startup.
Finding target for hacking on internet is now easier (David Thomas)
Finding targets on the internet for penetration testing involves searching with Google, or Google Hacking/Dorking. Many Google hacking queries are available online; according to an ethical hacking researcher at the International Institute of Cyber Security, they are the main source of passive attacks on the internet. This whole process of finding targets using the GHDB is automated with a Python-based framework named Katana.
Instrumenting continuous delivery with GitLab (Software Guru)
We will show the real-world case of how we have implemented the development flow for continuous integration and delivery in our company, instrumented with GitLab.
Session presented by David Padilla at SG Next 2017
Automate Your Automation | DrupalCon Vienna (Pantheon)
Greg Anderson provides guidance on automating various development and deployment tasks. He discusses automating tasks like development, testing, deployment and maintenance. Some key tools mentioned are Travis CI, Circle CI, Composer and hub. Automating tasks improves reliability, makes onboarding easier and allows doing more work. The costs of not automating include increased risk of errors and lost knowledge over time.
This document discusses using Puppet and related tools to automate the configuration and provisioning of development environments and servers. It covers using Vagrant and Puppet to set up local virtual machine environments, managing configurations with Puppet and Hiera, structuring code according to roles and profiles, integrating with version control and the Puppet Forge, and monitoring changes with tools like the Puppet Dashboard and MCollective. The document provides an overview of best practices and strategies for implementing infrastructure as code with Puppet.
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé
Le moyen le plus rapide d'obtenir une réponse d'un Backend est de ne pas l'appeler ;-) Une solution fournie par les "reverse-proxy" me direz-vous, mais pas si simple d'invalider le cache...
Ce talk aborde une fonctionnalité méconnue de Varnish: les tags. Nous verrons comment en tirer partie via les "event listeners" d'une application Symfony standard. Au menu, un cluster de Rasberry Pi, une API, et des données toujours fraîches sous la milliseconde.
2012 coscup - Build your PHP application on Herokuronnywang_tw
The document discusses deploying PHP applications on Heroku. It provides an overview of Heroku, including that it is a Platform-as-a-Service, was launched in 2007, uses Amazon Web Services, offers many add-ons, allows easy scaling, supports PostgreSQL, and offers some free usage. It then walks through deploying a basic "Hello World" PHP app on Heroku, including creating an app, adding code, committing and pushing to Heroku, and viewing the deployed app.
Год в Github bugbounty, опыт участия (A year in the GitHub bug bounty: participation experience)
3. What is Bug Bounty?
Companies pay money for finding security vulnerabilities in their services/software:
• Google Vulnerability Reward Program (VRP)
• Facebook
• Yandex ("Охота за ошибками", "Bug Hunt")
• …
• https://hackerone.com/
4. Why GitHub?
• We use it
• Blackbox -> Whitebox (GitHub Enterprise)
• Fun
• Bounty
5. 01 GitHub Enterprise
› Available as a Virtual Machine image at https://enterprise.github.com/
› 45-day trial included
7. VMware ESXi to VirtualBox (RAW)
vbox-img convert --srcfilename ghe-disk1.vmdk \
    --dstfilename ghe-disk1.raw \
    --srcformat VMDK \
    --dstformat RAW
Red highlighting marks what is wrong.
20.
#
# Seriously, CC @github/appsec and @github/dotcom-security
# if you need to touch this file
#
class ApplicationController
  after_filter :set_html_safe
  private
  # Overrides default CSP with the preview policy if enabled for current_user
  #
  # Returns nothing.
  def set_security_headers
    if preview_features?
      SecureHeaders.use_secure_headers_override(request, :preview_policy)
    end
  …
21. Main GitHub application
• 1.5M+ LOC
• Sinatra
• Secure randoms, MsgPack serializer
• Pretty clean code
22. Hardcoded credentials
auth = "apt:6YLkX******h0zXf"
github_package_host =
  if hostname.end_with?(".iad.github.net")
    "packages.iad.github.net"
  else
    "packages-ext.iad.github.net"
  end
set_up_source :id => "github",
  :deb => "https://#{auth}@#{github_package_host}/github-precise precise main",
  :key => "https://#{auth}@#{github_package_host}/pubkey.gpg?OCC30EA6"
end
Red highlighting marks what is wrong.
23. Hardcoded credentials
uri = URI.parse("https://secure.braintreepaymentgateway.com/api/transact.php")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
if Rails.production?
  http.ca_file = "/usr/lib/ssl/certs/ca-certificates.crt"
end
params = {
  "transactionid" => transaction_id,
  "username" => "github",
  "password" => "g********6",
  …
Red highlighting marks what is wrong.
27.
get "/cluster-preflight" do
  role = params[:type]
  # allowlist of accepted role names; anything else falls through to the else branch
  cluster_roles = %w(git web job mysql elasticsearch redis memcache metrics pages storage)
  if cluster_roles.include?(role)
    # argv form of IO.popen: no shell is involved, so role is passed as a single argument
    output = IO.popen(["sudo", "/usr/bin/env", "CLUSTER_ROLE=#{role}",
                       "/usr/local/share/enterprise/ghe-preflight-check"]) { |io| io.read }
    if $?.exitstatus == 0
      status 200
    else
      status 400
      output
    end
  else
    …
32. src/util.c
assert_mem(line = calloc(strlen(read_buffer) + 1, sizeof(char)));
strncpy(line, read_buffer, strlen(read_buffer));
// See if we need to finish reading the line
// Bug: when line is empty, strlen(line) - 1 wraps to SIZE_MAX and this reads line[-1]
while(line[strlen(line) - 1] != '\n') {
    rc = fgets(read_buffer, sizeof(read_buffer), f);
    if((rc == NULL) && feof(f)) {
        // We got everything that we can get, so we'll
        // call it a "line"
        break;
    }
    …
Red highlighting marks what is wrong.
33. src/util.c
assert_mem(line = calloc(strlen(read_buffer) + 1, sizeof(char)));
strncpy(line, read_buffer, strlen(read_buffer));
// See if we need to finish reading the line
// Fix: the length test short-circuits before the index is computed
while(strlen(line) && line[strlen(line) - 1] != '\n') {
    rc = fgets(read_buffer, sizeof(read_buffer), f);
    if((rc == NULL) && feof(f)) {
        // We got everything that we can get, so we'll
        // call it a "line"
        break;
    }
    …
Red highlighting marks what is wrong.
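To show why the one-token change on slide 33 matters, here is an added example (my own code, not babeld's): a complete line reader in the shape of the slide 32/33 loop, with the fixed condition, run over a constructed input that contains a line starting with a NUL byte, the case in which strlen(line) is 0 and the slide 32 condition reads line[-1]. Everything beyond the slide is an assumption: the 8-byte read_buffer, growing the line with realloc() in the elided part of the loop, the tmpfile()-backed stream helper, and the sample bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The check as written on slide 32. For an empty string strlen(s) - 1 wraps to
 * SIZE_MAX and the expression reads s[-1], the byte before the allocation (heap
 * metadata for a 1-byte calloc()), so the loop condition depends on garbage and a
 * hardened allocator may abort. Kept only for comparison with a non-empty string;
 * never call it on input that may be empty. */
int ends_with_newline_unsafe(const char *s) {
    return s[strlen(s) - 1] == '\n';
}

/* The check as fixed on slide 33: the length test short-circuits before indexing. */
int ends_with_newline_safe(const char *s) {
    size_t n = strlen(s);
    return n > 0 && s[n - 1] == '\n';
}

/* Read one line of arbitrary length from f into a malloc'd string (caller frees).
 * Returns NULL at end of file. read_buffer is deliberately tiny so ordinary lines
 * take several fgets() calls; a chunk that begins with a NUL byte has strlen() 0. */
char *read_line(FILE *f) {
    char read_buffer[8];
    char *line;
    size_t len;

    if (fgets(read_buffer, sizeof read_buffer, f) == NULL)
        return NULL;                      /* nothing read: end of file */
    len = strlen(read_buffer);
    line = calloc(len + 1, sizeof(char));
    if (line == NULL) abort();
    memcpy(line, read_buffer, len + 1);

    /* See if we need to finish reading the line (slide 33 condition: empty line exits). */
    while (len > 0 && line[len - 1] != '\n') {
        size_t chunk;
        char *grown;
        if (fgets(read_buffer, sizeof read_buffer, f) == NULL)
            break;                        /* we got everything we can get: call it a line */
        chunk = strlen(read_buffer);
        if (chunk == 0)
            continue;                     /* chunk began with NUL: nothing to append, keep reading */
        grown = realloc(line, len + chunk + 1);   /* assumed growth strategy */
        if (grown == NULL) abort();
        line = grown;
        memcpy(line + len, read_buffer, chunk + 1);
        len += chunk;
    }
    return line;
}

/* Constructed input stream; tmpfile() keeps the example ISO C only. */
FILE *stream_from_bytes(const char *data, size_t n) {
    FILE *f = tmpfile();
    if (f == NULL) abort();
    if (fwrite(data, 1, n, f) != n) abort();
    rewind(f);
    return f;
}

/* Constructed sample, not captured traffic: two ordinary lines, then a line that
 * begins with a NUL byte, which is the input that made the slide 32 loop read line[-1]. */
static const char SAMPLE[] = "short\na line longer than eight chars\n\0garbage\nnext\n";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/* The idx-th line (0-based) of SAMPLE as read_line() returns it, or NULL past the end. */
char *sample_line(int idx) {
    FILE *f = stream_from_bytes(SAMPLE, SAMPLE_LEN);
    char *line = NULL;
    int i;
    for (i = 0; i <= idx; i++) {
        free(line);
        line = read_line(f);
        if (line == NULL) break;
    }
    fclose(f);
    return line;
}

int main(void) {
    int i;
    for (i = 0; ; i++) {
        char *line = sample_line(i);
        if (line == NULL) break;
        printf("line %d (%zu bytes): %s", i, strlen(line), strlen(line) ? line : "(empty)\n");
        free(line);
    }
    printf("unsafe check on a non-empty line: %d\n", ends_with_newline_unsafe("x\n"));
    return 0;
}
```

The NUL-led line comes back as an empty string: fgets() consumed seven bytes but strlen() sees none, so with the slide 32 condition the very next expression would index one byte before a 1-byte allocation. The fixed loop simply returns the empty line and the reader continues from where the stream actually is ("e\n", then "next\n"), which is also why the rest of that line is dropped rather than reassembled.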
34. Babeld as SVN proxy
Diagram components: haproxy, babeld, github app, slumlord. Requests shown: POST /auth, GET /repo.
40.
gdb-peda$ bt
#0  _IO_vfprintf_internal (s=s@entry=0x7fbdfc8224d0, format=format@entry=0x44bc45 "duration_ms=%f fs_sent=%lu fs_recv=%lu client_recv=%lu client_sent=%lu ", ap=ap@entry=0x7fbdfc822638) at vfprintf.c:1315
#1  0x00007fbdfb6d5409 in _IO_vsnprintf (string=0x7fbdfc8228ef "", maxlen=<optimized out>, format=0x44bc45 "duration_ms=%f fs_sent=%lu fs_recv=%lu client_recv=%lu client_sent=%lu ", args=args@entry=0x7fbdfc822638) at vsnprintf.c:119
#2  0x00007fbdfb6b3e22 in __snprintf (s=<optimized out>, maxlen=<optimized out>, format=<optimized out>) at snprintf.c:33
#3  0x0000000000417314 in log_with_timestamp (fmt=0x44bc45 "duration_ms=%f fs_sent=%lu fs_recv=%lu client_recv=%lu client_sent=%lu ") at log.c:83
...
41.
...
#250 0x0000000000417b8f in log_with_timestamp (fmt=0x44bc45 "duration_ms=%f fs_sent=%lu fs_recv=%lu client_recv=%lu client_sent=%lu ") at log.c:212
#251 0x000000000041272b in http_generic_client_thread (ctx=0x44bc45, handler=0x191) at http-server.c:303
#252 0x000000000041886b in http_svn_client_thread (arg=<optimized out>) at http-server-svn.c:42
#253 0x00007fbdfba160a4 in start_thread (arg=0x7fbdfc8e1700) at pthread_create.c:309
#254 0x00007fbdfb74b5dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111