This document discusses designing a WiFi access point (AP) using open source tools. It describes setting up a basic WiFi AP using hostapd to expose the device, dnsmasq for IP address assignment, and iptables for packet routing. It then discusses enhancing the design to allow WiFi roaming between multiple APs using the same SSID, authentication, and password. The document stresses that controlling the network's router gives complete visibility and control over all network traffic and devices.
This document discusses kernel-level rootkits in Linux. It explains that kernel-level rootkits are more robust than user-space rootkits because they can hide processes and prevent system crashes or reboots from revealing the intrusion. It then provides steps for creating a trivial kernel-based rootkit, including loading a kernel module, hooking a system call like getdent64, and overcoming challenges around locating the sys_call_table and modifying kernel memory. The document suggests some new techniques rootkits could use beyond just syscall hooking, and concludes by thanking the reader.
This document discusses designing a WiFi access point (AP) using open source tools. It describes setting up a basic WiFi AP using hostapd to expose the device, dnsmasq for IP address assignment, and iptables for packet routing. It then discusses enhancing the design to allow WiFi roaming between multiple APs using the same SSID, authentication, and password. The document stresses that controlling the network's router gives complete visibility and control over all network traffic and devices.
This document discusses kernel-level rootkits in Linux. It explains that kernel-level rootkits are more robust than user-space rootkits because they can hide processes and prevent system crashes or reboots from revealing the intrusion. It then provides steps for creating a trivial kernel-based rootkit, including loading a kernel module, hooking a system call like getdent64, and overcoming challenges around locating the sys_call_table and modifying kernel memory. The document suggests some new techniques rootkits could use beyond just syscall hooking, and concludes by thanking the reader.
Maximize Your Production Effort (Chinese)slantsixgames
Efficient Content Authoring Tools and Pipeline for Inter-Studio Asset Development
With the complexity of today's video games and their associated tight timelines, it is paramount for video game studios to have a highly efficient content authoring process and production workflow. With a trend towards outsourced development of game assets, there are additional considerations that are important for achieving optimal workflow between studios that are co-developing or sharing assets. This lecture gives valuable insight into how to create new content authoring tools and data transformation pipelines that promote efficient work flow for both internal and remote production teams. Specific considerations for outsourcing and worldwide development are made along the way.
Regular expressions (regex) are patterns used to match character combinations in strings. This document covers regex grammar including:
- Common regex patterns like . (any character), | (or), * + ? (quantifiers), character sets [], grouping (), lookahead/behind.
- Examples of regex to match HTML tags, validate dates in MM-DD-YYYY format, match ETH/BTC addresses and imgur image links.
- The difference between capturing groups like ab(ab) and lookbehinds like (?<=ab)ab which matches ab without capturing it.
This document provides an overview of using Object Relational Mapping (ORM) with Python SQLAlchemy and MariaSQL. It discusses using ORM for database access, mapping database tables to Python classes, querying relationships between tables, and more advanced topics like adding virtual columns without changing the database schema. The document also includes examples of querying data from multiple related tables and creating database views using alembic migrations.
Maximize Your Production Effort (Chinese)slantsixgames
Efficient Content Authoring Tools and Pipeline for Inter-Studio Asset Development
With the complexity of today's video games and their associated tight timelines, it is paramount for video game studios to have a highly efficient content authoring process and production workflow. With a trend towards outsourced development of game assets, there are additional considerations that are important for achieving optimal workflow between studios that are co-developing or sharing assets. This lecture gives valuable insight into how to create new content authoring tools and data transformation pipelines that promote efficient work flow for both internal and remote production teams. Specific considerations for outsourcing and worldwide development are made along the way.
Regular expressions (regex) are patterns used to match character combinations in strings. This document covers regex grammar including:
- Common regex patterns like . (any character), | (or), * + ? (quantifiers), character sets [], grouping (), lookahead/behind.
- Examples of regex to match HTML tags, validate dates in MM-DD-YYYY format, match ETH/BTC addresses and imgur image links.
- The difference between capturing groups like ab(ab) and lookbehinds like (?<=ab)ab which matches ab without capturing it.
This document provides an overview of using Object Relational Mapping (ORM) with Python SQLAlchemy and MariaSQL. It discusses using ORM for database access, mapping database tables to Python classes, querying relationships between tables, and more advanced topics like adding virtual columns without changing the database schema. The document also includes examples of querying data from multiple related tables and creating database views using alembic migrations.
This document provides an overview of iptables and nftables. Iptables is a user-space tool that controls netfilter, the Linux kernel module for network packet filtering and network address translation (NAT). It operates on tables, chains, and rules to filter packets. Nftables is the newer replacement for iptables that offers a more concise syntax without default tables or chains. It is based on network families and uses expressions, statements, and sets to filter packets as they pass through hooks and chains.
This document discusses various concepts related to Python objects including abstraction, with-statements, copying objects, object properties and attributes, object references, and special methods. It notes that with-statements make use of the __enter__ and __exit__ methods, and that objects can be copied using the copy module's copy and deep copy functions or the __copy__ and __deepcopy__ methods. The document also covers the difference between __dict__ and __slots__ for storing object attributes, using weak references via the __weakref__ attribute and weakref module, and special methods related to type conversions like string to integer.
This document provides an overview of Python objects and their associated special methods. It discusses common object methods like __repr__, __str__, and __dir__ that are used for object representation and properties. Comparison methods like __eq__ and attribute methods like __setattr__ are also covered. The document outlines object instantiation methods like __new__ and __init__ as well as serialization methods like __reduce__. Finally, it briefly discusses object-oriented concepts like metaclasses, inheritance, and pickling security concerns.
[2017.03.18] hst binary training part 1Chia-Hao Tsai
The document provides an overview of binary formats and machine code. It discusses the Mach-O binary format used on Mac OS X, including the header, commands, segments, and sections. It also covers x86-64 machine code layout and opcodes. A minimal Mach-O 64 binary is listed as an example, containing a header, commands, and 12 bytes of machine code while consuming only 4K of space.
The document discusses creating a minimal ELF (Executable and Linkable Format) file by hand. It explains that an ELF file contains a general header with metadata like the system architecture and endianness. It also contains a program header specifying the memory layout and permissions. The document gives an example of writing a "Hello World" program manually by writing the string to memory, setting registers, and calling syscalls to write to stdout and exit. It then introduces the concept of self-modifying code where the program writes instructions directly to memory at runtime.
This document outlines the agenda for HoneyCon 2014, including a Capture the Flag (CTF) event. The agenda covers past and current cyber attack trends like DDoS, spam, and mobile hacking. It also discusses honeypots and their use for detecting unauthorized users by emulating vulnerable systems and analyzing attack logs. Rules are provided for the CTF competition where teams will defend servers and try to capture flags from other teams' servers while maintaining their own services. The goal is to practice defensive and offensive hacking skills in a legal environment.
This document discusses password cracking methods, including storing passwords, hashing versus encryption, common hashing algorithms, and rainbow table attacks. It introduces password cracking and describes storing passwords in plaintext or hashed/encrypted formats. It also explains how rainbow table attacks work by pre-computing hash values into a lookup table to crack password hashes more efficiently than brute force methods.
This document discusses strategies for securing file input/output operations in C and C++ programs. It outlines various file identification issues like directory traversal and equivalence checks that could enable exploits. It also describes race conditions that can occur between checking and using a file. The key strategies recommended to mitigate these risks include closing the window between check and use, eliminating shared race objects, controlling access to race objects, and using tools to detect races. Overall, the document stresses applying concepts like atomic operations, mutual exclusion, and least privilege to securely manage file resources similarly to shared memory.
This document discusses secure coding practices for file input/output in C and C++. It covers file I/O basics like file system structures and types, as well as common interfaces for file I/O like stdio.h and iostream. It also discusses access control using UNIX permissions and user IDs. Potential vulnerabilities are outlined, such as setuid programs running with elevated privileges that could allow accessing unintended files if exploited. The document is an outline for a chapter that will continue discussing additional topics like race conditions and mitigation strategies for secure file I/O.
This document provides an overview of how to build a basic web server in 20 minutes. It explains that a web server follows the representational state transfer (REST) architectural style and discusses requests, responses, and parsing request data. It also describes adding dynamic functionality through common gateway interface (CGI) scripts and potential security issues around user inputs. The goal is to help readers understand the core components of a web server through a simple example implementation.