Nobody knows-except-g4mm4
•
3 likes•5,302 views
This document contains information about different types of vulnerabilities including: - Captcha re-riding attacks which allow bypassing of CAPTCHAs. - SQL column truncation which allows accessing more data than intended through SQL queries. - Using header() in PHP without exit or die which can lead to header injections. - Many PHP sink functions that can be used maliciously like eval(), assert(), call_user_func. It provides examples code for some of these vulnerabilities and lists many PHP sink functions that could be exploited. The document appears to be part of a tutorial on different hacking techniques.
Report
Share
Report
Share
Recommended
Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
The document discusses various search and replacement techniques in Emacs, including avy for jumping to locations, swiper/counsel for incremental searching the current buffer, multiple-cursors for editing multiple locations simultaneously, and counsel-ag/rg for searching files using grep commands. It provides examples of invoking and using each technique and configurations for customizing keys.
Emacs Key Bindings
Basics of Emacs keybindings (presentation at Boston Emacs Meetup https://www.meetup.com/Boston-Emacs-Meetup/)
「Frama-Cによるソースコード検証」 (mzp)
This document discusses using the Frama-C framework to formally verify C and C++ code. It provides examples of using Frama-C to verify functions that find the minimum of integer values, including abs(), min(), and min3(). Specifications for these functions are written using the ACSL specification language. Frama-C is then used to prove that the implementations satisfy the specifications. The document also discusses how concepts from Frama-C like LE (less than or equal) can be mapped to similar concepts in languages like Coq that are used for formal verification.
Vcs8
This document discusses functions in C programming. It defines different types of functions like standard library functions, user-defined functions and main function. It explains how functions can be defined in any order and called from any other function. It also provides tips about functions like a C program needs at least one main function, function names should be unique, more function calls means slower execution.
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
Guest-lecture given at UC Davis during my interview day in May of 2018.
Description: Using the printf() function is one of the very first steps every beginner learns when taking a programming class. It is also one of the most ubiquitous functions in software programs, across the many languages that define it. But how many programmers actually know how this common function works behind the scenes?
During this lecture, I will trace a brief history of printf(), delve into the nuts of bolts of a simple implementation through interactive coding, and branch out into interesting facts related to this function.
Circular queue
This document describes a program that implements a circular queue data structure in C using an array. It defines functions for inserting elements into the queue, deleting elements from the queue, and displaying the contents of the queue. The main part of the program runs a menu loop that allows the user to test the insertion, deletion, and display functions and observe overflow and underflow conditions.
Avl tree
This document describes an implementation of an AVL tree in C. It includes functions to insert nodes, search for nodes, and display the tree. The insert function recursively adds nodes, performs rotations to balance the tree if needed, and tracks the tree height. It uses pointers to dynamically allocate memory for nodes and restructures the tree during rotations to maintain the AVL tree balance property.
Final ds record
The program implements operations on a stack using an array. It includes functions for push(), pop(), and display(). Push inserts an element into the stack if not full. Pop removes an element if not empty. Display prints the stack elements using a for loop. The main() uses a switch case to call the functions based on user input until exit is chosen.
Recommended
Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
The document discusses various search and replacement techniques in Emacs, including avy for jumping to locations, swiper/counsel for incremental searching the current buffer, multiple-cursors for editing multiple locations simultaneously, and counsel-ag/rg for searching files using grep commands. It provides examples of invoking and using each technique and configurations for customizing keys.
Emacs Key Bindings
Basics of Emacs keybindings (presentation at Boston Emacs Meetup https://www.meetup.com/Boston-Emacs-Meetup/)
「Frama-Cによるソースコード検証」 (mzp)
This document discusses using the Frama-C framework to formally verify C and C++ code. It provides examples of using Frama-C to verify functions that find the minimum of integer values, including abs(), min(), and min3(). Specifications for these functions are written using the ACSL specification language. Frama-C is then used to prove that the implementations satisfy the specifications. The document also discusses how concepts from Frama-C like LE (less than or equal) can be mapped to similar concepts in languages like Coq that are used for formal verification.
Vcs8
This document discusses functions in C programming. It defines different types of functions like standard library functions, user-defined functions and main function. It explains how functions can be defined in any order and called from any other function. It also provides tips about functions like a C program needs at least one main function, function names should be unique, more function calls means slower execution.
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
Guest-lecture given at UC Davis during my interview day in May of 2018.
Description: Using the printf() function is one of the very first steps every beginner learns when taking a programming class. It is also one of the most ubiquitous functions in software programs, across the many languages that define it. But how many programmers actually know how this common function works behind the scenes?
During this lecture, I will trace a brief history of printf(), delve into the nuts of bolts of a simple implementation through interactive coding, and branch out into interesting facts related to this function.
Circular queue
This document describes a program that implements a circular queue data structure in C using an array. It defines functions for inserting elements into the queue, deleting elements from the queue, and displaying the contents of the queue. The main part of the program runs a menu loop that allows the user to test the insertion, deletion, and display functions and observe overflow and underflow conditions.
Avl tree
This document describes an implementation of an AVL tree in C. It includes functions to insert nodes, search for nodes, and display the tree. The insert function recursively adds nodes, performs rotations to balance the tree if needed, and tracks the tree height. It uses pointers to dynamically allocate memory for nodes and restructures the tree during rotations to maintain the AVL tree balance property.
Final ds record
The program implements operations on a stack using an array. It includes functions for push(), pop(), and display(). Push inserts an element into the stack if not full. Pop removes an element if not empty. Display prints the stack elements using a for loop. The main() uses a switch case to call the functions based on user input until exit is chosen.
C program to implement linked list using array abstract data type
C program to implement linked list using array abstract data typeloyola ICAM college of engineering and technology
This document contains C code to implement a linked list and array-based list data structure (ADT). It includes functions to create, insert, delete, search and display elements in the list. For the linked list implementation, nodes containing data and pointer to next node are used. Functions like create, insert, delete manipulate the pointers to manage the list. The array implementation uses an array to store elements and tracks the number of elements. Functions perform similar operations of adding, removing and searching elements in the array representing the list.Stack Data Structure
This document contains the code for a C program that implements a stack using an array. It defines functions for push, pop, and display operations on the stack. The main function runs a menu loop that calls these functions based on the user's input choice and handles errors like overflow and underflow.
Php radomize
This document discusses randomization functions in PHP like shuffle() and str_shuffle(). It examines how the implementations have changed over time in PHP versions. Specifically, it finds that earlier versions of shuffle() and str_shuffle() did not produce truly random results due to issues with the random number generation. The current implementations in recent PHP versions do properly randomize the values, but the document proposes reimplementing shuffle() to use mt_rand() for improved consistency across environments.
Hacking parse.y (RubyConf 2009)
The document summarizes hacking the Ruby parser (parse.y) to add new syntax features to the language. It discusses four cases: 1) allowing the :-) syntax for hash rockets, 2) treating single quotes as symbols, 3) adding increment operator ++, and 4) allowing method definitions like def A#b. The presenter explains how changes can be made to the lexer and parser to implement these features by modifying parse.y and related files.
Taking Inspiration From The Functional World
No matter how crazy this may sound, taking inspiration from the functional world when programming in an OO language like Ruby turns out to be a good idea. In this talk we’re going to look at various functional ideas implemented in Ruby and see how they can improve and simplify our code, making it easier to grow and maintain applications.
Message in a bottle
This document discusses how different Ruby implementations like MRI, Rubinius, and JRuby handle method dispatch and execution. It explains how MRI searches for and executes methods, and how Rubinius and JRuby optimize this using techniques like inline caches, just-in-time compilation, and invokedynamic. It provides code examples and compares the bytecode generated by each implementation.
What is python
Python is an open source, object-oriented programming language that is easy to read and supports multiple programming paradigms. It was created by Guido van Rossum in 1989 and its development is community-driven. Python code is structured and readable using indentation and it supports features like exception handling, dynamic typing, and memory management. It can be used for web development, science, gaming, and more. Popular implementations of Python include CPython, Jython, IronPython, and PyPy.
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
Every program needs some input and some logic to translate such input into structured data in memory.
Language parsers, in particular, are notoriously error-prone to write,so programmers often define a high-level grammar and use parsergenerators to make the parsing process easier.
What does this entail for a security analyst?
In this talk you will learn what to do when you encounter GNU bison-generated code in a binary, what kind of code it creates, and how to exploit its structure to analyze targets faster and improve your fuzzers in the process.
You will also walk away with a free (as in freedom) tool to automate your reverse engineering efforts.
Memory management in cocos2d x - Le Duy Vu
This document discusses memory optimization techniques for games, including reference counting, autorelease pools, and texture caching. It recommends avoiding loading individual PNG/JPG textures, instead loading textures from largest to smallest using the compressed PVR.CCZ format. Autorelease pools allow deferring the release of objects until the pool is drained, but they cannot be nested or used in multithreaded environments. Texture caches like CCTextureCache and CCSpriteFrameCache improve performance by reusing loaded texture assets.
as400 built in function- %SCAN
%SCAN is used to find the position of the first occurrence of a search string within a source string. It returns an integer value representing the starting position. The example program uses %SCAN to find the position of the first space in the string "Search string", assigns substrings before and after that position to other variables, and displays the results.
Funcion matematica
This code defines functions for generating random numbers, finding minimum and maximum values, restricting values within ranges, mapping one range of values to another, and performing square root and power mathematical operations on the random numbers. It prints the random numbers, results of the functions, and delays for 5 seconds between loops.
Array imp of list
This document describes an array implementation of a list data structure in C. It defines functions to create, insert, delete, search, and display elements in an array representing a list. The main function uses a menu-driven system to call these functions and allow the user to test the list operations by entering their choices and inputs. The functions implement basic list operations like adding elements to empty positions, deleting by shifting elements, linear searching, and displaying the current list.
Data Structures : array operations in c program
This document contains C code that implements various array operations: creation, display, insertion, deletion, searching, sorting, and merging of arrays. It defines functions for each operation and a main function that uses a switch statement to call the appropriate function based on the user's menu choice. The arrays can store integer values. The code allows the user to repeatedly perform array operations and view the results until choosing to exit the program.
Kotlin - Null safety
How can Kotlin's type system avoid NullPointerException from our code?
- Safe calls
- Elvis operator
- The !! operator
- Safe casts
- Collections of a nullable type
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
The document discusses the inner workings of the Python virtual machine and bytecode. It explains that Python code is compiled to bytecode, which is then interpreted by a large switch statement in the Python virtual machine. The bytecode consists of numeric codes and arguments that correspond to stack-based operations. It provides examples of disassembling bytecode into a more human-readable format and how the virtual machine handles dynamic operations like string formatting and operator overloading.
Constructor and variables
The document discusses constructors and variables in object-oriented programming. It defines constructors as special methods that initialize instance variables during object creation. Constructors can be parameterized or non-parameterized. The document also distinguishes between class/static variables that are shared among all objects, instance/non-static variables that are unique to each object, global variables declared outside functions, and local variables declared inside functions. It provides examples of using constructors and different variable types in Python classes.
Keynote, PHP World Kongress Munich
This document discusses several topics from a PHP conference:
1. Namespaces, closures, and new features in PHP like intl, phar, and enchant are covered.
2. Namespaces allow logical grouping of classes and functions to avoid naming collisions. Closures allow anonymous functions.
3. Other topics include internationalization support with intl, packaging applications with phar, and spell checking with enchant.
Double linked list
This document describes a menu-driven C program that implements a doubly linked list. The program allows the user to perform operations like creation, insertion, deletion, sorting, and searching of nodes in the doubly linked list. The main functions include create() to create nodes, display() to print the list, insert() to add nodes at different positions, delete() to remove nodes, sort() to sort the list, and find() to search for a node. The program uses a menu to allow the user to select the desired operation on the doubly linked list.
Functional php
This document discusses functional programming concepts in PHP like pure functions, higher-order functions, and recursion. It provides examples of mapping, folding, and partial function application. Modularization with functional programming encourages decomposing problems into smaller parts and recomposing them with lazy evaluation and higher-order functions to reduce complexity.
Laziness in Swift
© Maciej Konieczny
http://narf.pl/
github.com/narfdotpl/swiftwro-1-laziness-in-swift
Talk that Macoscope's own Maciej Konieczny gave at the first SwiftWro meetup on 2014-08-20 in Wrocław, Poland.
http://vimeo.com/104053958
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
This document discusses exploiting PHP unserialization vulnerabilities. It begins by introducing the presenter and explaining what unserialization is and how it can be insecure if magic methods like __wakeup or __destruct are executed after unserialization. Potential vulnerabilities are demonstrated through examples. The document then discusses more complex chains that can be used to exploit unserialization, including examples from real-world projects like Kohana and exploiting serialized data stored in databases. It describes building a tool to automatically find chains in PHP code that could be exploited via unserialization and demonstrates its use on sample code. The document concludes by noting the challenges of automatically generating exploits due to the lack of static analysis in the tool.
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
This document discusses exploiting PHP unserialization vulnerabilities. It begins by introducing the presenter and explaining why unserialization is insecure, as magic methods like __destruct can be executed after unserialization. Potential exploits are demonstrated through examples, including using unserialization to execute system commands and perform SSRF attacks. The document also notes that many PHP frameworks and libraries contain classes that could enable chaining multiple exploits through unserialization. It then describes the presenter's tool for analyzing PHP code to find possible exploit chains for unserialization vulnerabilities.
More Related Content
What's hot
C program to implement linked list using array abstract data type
C program to implement linked list using array abstract data typeloyola ICAM college of engineering and technology
This document contains C code to implement a linked list and array-based list data structure (ADT). It includes functions to create, insert, delete, search and display elements in the list. For the linked list implementation, nodes containing data and pointer to next node are used. Functions like create, insert, delete manipulate the pointers to manage the list. The array implementation uses an array to store elements and tracks the number of elements. Functions perform similar operations of adding, removing and searching elements in the array representing the list.Stack Data Structure
This document contains the code for a C program that implements a stack using an array. It defines functions for push, pop, and display operations on the stack. The main function runs a menu loop that calls these functions based on the user's input choice and handles errors like overflow and underflow.
Php radomize
This document discusses randomization functions in PHP like shuffle() and str_shuffle(). It examines how the implementations have changed over time in PHP versions. Specifically, it finds that earlier versions of shuffle() and str_shuffle() did not produce truly random results due to issues with the random number generation. The current implementations in recent PHP versions do properly randomize the values, but the document proposes reimplementing shuffle() to use mt_rand() for improved consistency across environments.
Hacking parse.y (RubyConf 2009)
The document summarizes hacking the Ruby parser (parse.y) to add new syntax features to the language. It discusses four cases: 1) allowing the :-) syntax for hash rockets, 2) treating single quotes as symbols, 3) adding increment operator ++, and 4) allowing method definitions like def A#b. The presenter explains how changes can be made to the lexer and parser to implement these features by modifying parse.y and related files.
Taking Inspiration From The Functional World
No matter how crazy this may sound, taking inspiration from the functional world when programming in an OO language like Ruby turns out to be a good idea. In this talk we’re going to look at various functional ideas implemented in Ruby and see how they can improve and simplify our code, making it easier to grow and maintain applications.
Message in a bottle
This document discusses how different Ruby implementations like MRI, Rubinius, and JRuby handle method dispatch and execution. It explains how MRI searches for and executes methods, and how Rubinius and JRuby optimize this using techniques like inline caches, just-in-time compilation, and invokedynamic. It provides code examples and compares the bytecode generated by each implementation.
What is python
Python is an open source, object-oriented programming language that is easy to read and supports multiple programming paradigms. It was created by Guido van Rossum in 1989 and its development is community-driven. Python code is structured and readable using indentation and it supports features like exception handling, dynamic typing, and memory management. It can be used for web development, science, gaming, and more. Popular implementations of Python include CPython, Jython, IronPython, and PyPy.
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
Every program needs some input and some logic to translate such input into structured data in memory.
Language parsers, in particular, are notoriously error-prone to write,so programmers often define a high-level grammar and use parsergenerators to make the parsing process easier.
What does this entail for a security analyst?
In this talk you will learn what to do when you encounter GNU bison-generated code in a binary, what kind of code it creates, and how to exploit its structure to analyze targets faster and improve your fuzzers in the process.
You will also walk away with a free (as in freedom) tool to automate your reverse engineering efforts.
Memory management in cocos2d x - Le Duy Vu
This document discusses memory optimization techniques for games, including reference counting, autorelease pools, and texture caching. It recommends avoiding loading individual PNG/JPG textures, instead loading textures from largest to smallest using the compressed PVR.CCZ format. Autorelease pools allow deferring the release of objects until the pool is drained, but they cannot be nested or used in multithreaded environments. Texture caches like CCTextureCache and CCSpriteFrameCache improve performance by reusing loaded texture assets.
as400 built in function- %SCAN
%SCAN is used to find the position of the first occurrence of a search string within a source string. It returns an integer value representing the starting position. The example program uses %SCAN to find the position of the first space in the string "Search string", assigns substrings before and after that position to other variables, and displays the results.
Funcion matematica
This code defines functions for generating random numbers, finding minimum and maximum values, restricting values within ranges, mapping one range of values to another, and performing square root and power mathematical operations on the random numbers. It prints the random numbers, results of the functions, and delays for 5 seconds between loops.
Array imp of list
This document describes an array implementation of a list data structure in C. It defines functions to create, insert, delete, search, and display elements in an array representing a list. The main function uses a menu-driven system to call these functions and allow the user to test the list operations by entering their choices and inputs. The functions implement basic list operations like adding elements to empty positions, deleting by shifting elements, linear searching, and displaying the current list.
Data Structures : array operations in c program
This document contains C code that implements various array operations: creation, display, insertion, deletion, searching, sorting, and merging of arrays. It defines functions for each operation and a main function that uses a switch statement to call the appropriate function based on the user's menu choice. The arrays can store integer values. The code allows the user to repeatedly perform array operations and view the results until choosing to exit the program.
Kotlin - Null safety
How can Kotlin's type system avoid NullPointerException from our code?
- Safe calls
- Elvis operator
- The !! operator
- Safe casts
- Collections of a nullable type
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
The document discusses the inner workings of the Python virtual machine and bytecode. It explains that Python code is compiled to bytecode, which is then interpreted by a large switch statement in the Python virtual machine. The bytecode consists of numeric codes and arguments that correspond to stack-based operations. It provides examples of disassembling bytecode into a more human-readable format and how the virtual machine handles dynamic operations like string formatting and operator overloading.
Constructor and variables
The document discusses constructors and variables in object-oriented programming. It defines constructors as special methods that initialize instance variables during object creation. Constructors can be parameterized or non-parameterized. The document also distinguishes between class/static variables that are shared among all objects, instance/non-static variables that are unique to each object, global variables declared outside functions, and local variables declared inside functions. It provides examples of using constructors and different variable types in Python classes.
Keynote, PHP World Kongress Munich
This document discusses several topics from a PHP conference:
1. Namespaces, closures, and new features in PHP like intl, phar, and enchant are covered.
2. Namespaces allow logical grouping of classes and functions to avoid naming collisions. Closures allow anonymous functions.
3. Other topics include internationalization support with intl, packaging applications with phar, and spell checking with enchant.
Double linked list
This document describes a menu-driven C program that implements a doubly linked list. The program allows the user to perform operations like creation, insertion, deletion, sorting, and searching of nodes in the doubly linked list. The main functions include create() to create nodes, display() to print the list, insert() to add nodes at different positions, delete() to remove nodes, sort() to sort the list, and find() to search for a node. The program uses a menu to allow the user to select the desired operation on the doubly linked list.
Functional php
This document discusses functional programming concepts in PHP like pure functions, higher-order functions, and recursion. It provides examples of mapping, folding, and partial function application. Modularization with functional programming encourages decomposing problems into smaller parts and recomposing them with lazy evaluation and higher-order functions to reduce complexity.
Laziness in Swift
© Maciej Konieczny
http://narf.pl/
github.com/narfdotpl/swiftwro-1-laziness-in-swift
Talk that Macoscope's own Maciej Konieczny gave at the first SwiftWro meetup on 2014-08-20 in Wrocław, Poland.
http://vimeo.com/104053958
What's hot (20)
C program to implement linked list using array abstract data type
C program to implement linked list using array abstract data type
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
Similar to Nobody knows-except-g4mm4
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
This document discusses exploiting PHP unserialization vulnerabilities. It begins by introducing the presenter and explaining what unserialization is and how it can be insecure if magic methods like __wakeup or __destruct are executed after unserialization. Potential vulnerabilities are demonstrated through examples. The document then discusses more complex chains that can be used to exploit unserialization, including examples from real-world projects like Kohana and exploiting serialized data stored in databases. It describes building a tool to automatically find chains in PHP code that could be exploited via unserialization and demonstrates its use on sample code. The document concludes by noting the challenges of automatically generating exploits due to the lack of static analysis in the tool.
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
This document discusses exploiting PHP unserialization vulnerabilities. It begins by introducing the presenter and explaining why unserialization is insecure, as magic methods like __destruct can be executed after unserialization. Potential exploits are demonstrated through examples, including using unserialization to execute system commands and perform SSRF attacks. The document also notes that many PHP frameworks and libraries contain classes that could enable chaining multiple exploits through unserialization. It then describes the presenter's tool for analyzing PHP code to find possible exploit chains for unserialization vulnerabilities.
Review unknown code with static analysis - bredaphp
Code quality is not just for christmas, it is a daily part of the job. So, what do you do when you're handed with a five feet long pole a million lines of code that must be vetted ? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code code : no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code ?
The why and how of moving to php 5.4/5.5
With PHP 5.5 out and many production environments still running 5.2 (or older), it's time to paint a clear picture on why everyone should move to 5.4 and 5.5 and how to get code ready for the latest version of PHP. In this talk, we'll look at some handy tools and techniques to ease the migration.
An introduction to PHP 5.4
This document introduces PHP 5.4 and provides an overview of new features and changes from previous versions. Some key additions in PHP 5.4 include improved performance, always available short echo tags, closure support for $this, class member access on instantiation, and a built-in development web server. The document also discusses how to switch to PHP 5.4 on Gentoo Linux and provides useful links for more information.
Lisp Macros in 20 Minutes (Featuring Clojure)
"We just started holding 20 minutes presentations during lunch time in the ThoughtWorks Sydney office. For the first session I gave a not-that-short talk on Lisp macros using Clojure. The slides are below.
It turns out that 20 minutes is too little time to actually acquire content but I think at least we now have some people interested in how metaprogramming can be more than monkey patching."
http://fragmental.tw/2009/01/20/presentation-slides-macros-in-20-minutes/
Preparing for the next PHP version (5.6)
With versions stretching from 5.3 to 5.6, PHP has several major published versions, that require special attention when migrating. Beyond checking for compilation, the code must be reviewed to avoid pitfalls like obsoletes functions, new features, change in default parameters or behavior. We'll set up a checklist of such traps, and ways to find them in the code and be reading for PHP 5.6.
CLI, the other SAPI phpnw11
This document provides information about using the PHP command line interface (CLI) SAPI. It discusses when to use the CLI SAPI, such as for cron jobs, batch tasks, daemons, and process control. It also provides examples of using the PHP binary to execute scripts from the command line, pass arguments, read from STDIN, and use options like -a for interactive mode, -r to run PHP code directly, and -i to get PHP configuration information.
How to write not breakable unit tests
This presentation is about how to write tests faster, how to use real objects in tests which allow us to refactor a lot of code without worrying about "refactoring" other tests.
The why and how of moving to PHP 5.4/5.5
With PHP 5.5 out and many production environments still running 5.2 (or older), it's time to paint a clear picture on why everyone should move to 5.4 and 5.5 and how to get code ready for the latest version of PHP. In this talk, we'll migrate an old piece of code using some standard and some very non-standard tools and techniques.
Introduction to PHP 5.3
PHP 5.3 includes major new features like namespaces, improved performance, and new functions. Namespaces allow cleaner naming conventions and multiple namespaces per file. Other new features include __DIR__, late static binding, improved OpenSSL and date functions, and SPL data structure classes. Overall, PHP 5.3 focuses on evolutionary improvements to existing functionality.
Driver Debugging Basics
This document provides an overview of debugging techniques for x64 and x86 architectures, including key differences and commands. It discusses debugging tools in Windows Vista and Windows Server, architectural changes, and answers the top 10 questions on debugging topics such as breakpoints, scripts, pseudo registers, and more. Recommended resources and related training sessions are also provided.
Александр Трищенко: PHP 7 Evolution
Доклад с PUG#7 https://www.facebook.com/events/772501586209518/
- Введение в PHP7. Почему стоит смотреть в эту сторону
- Используем PHP7 сейчас
- Нововведения
- Производительность
- “Строгая” типизация в PHP
- Подробный разбор нового механизма работы с ошибками
- Новые возможности для работы с замыканиями
- Синтаксический сахар
Diving into HHVM Extensions (php[tek] 2016)
HHVM is quickly gaining popularity, and it is a pretty exciting time for PHP runtimes. Have you ever wondered what is going on beneath this slick, super-speedy engine? I wondered that myself, so I dived into the internals of HHVM, discovering a treasure trove of awesome stuff. In this talk, I will show you how HHVM works and how it all pieces together through a guided tour of the codebase. I will also show you a couple of ways to write your own incredible HHVM extensions.
Linux Command Line
The document lists several dangerous Linux commands that could damage a system, as well as some basic Linux commands. It then discusses Linux file permissions and provides examples of changing permissions using chmod. Finally, it describes how to crack Windows passwords by mounting a Windows partition and using chntpw on the SAM file.
A little systemtap
This document discusses the Linux tracing tool systemtap. It provides an overview of systemtap and what it can be used for, including tracing system calls, kernel functions, and application functions. It also discusses how systemtap works, how it uses debugging symbols, and how RPMs handle separate debug information files. Several examples are given of using systemtap probes to trace requests for Nginx, cURL, Redis, MySQL, and TCP retransmissions. The document suggests systemtap can be used beyond C for tracing languages like MySQL, Python and Java.
A little systemtap
This document discusses the Linux tracing tool systemtap. It provides an overview of systemtap and what it can be used for, including tracing system calls, kernel functions, and application functions. It also discusses how systemtap works, how it uses debugging symbols, and how RPMs handle separate debug information files. Several examples are given of using systemtap probes to trace requests for Nginx, cURL, Redis, MySQL, and TCP retransmissions. The document concludes by mentioning using DTrace for other languages beyond C, such as MySQL, Python, and Java.
Дмитрий Демчук. Кроссплатформенный краш-репорт
Доклад будет посвящен возможностям библиотеки Google Breakpad по созданию краш-репорта. Посмотрим как это работает изнутри.
На примерах будут рассмотрены способы интеграции библиотеки на разных платформах Windows, Linux, Max OS.
Price of an Error
It is quite often that software developers have absolutely no clue about the cost of an error. It is very important that the error be found at the earliest possible stage.
Sql Injection Attacks(Part1 4)
The document discusses a SQL injection attack targeting Microsoft SQL servers that was observed in the website's server logs. It decodes the hexadecimal payload from the query string to reveal SQL code attempting to retrieve table and column names to then inject script tags linking to an external JavaScript file hosted on a Chinese domain. The document provides information on how to detect and prevent such attacks, including input sanitization, intrusion detection rules, and securing forms and queries. It also analyzes the behavior and payloads of the malicious JavaScript.
Similar to Nobody knows-except-g4mm4 (20)
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Review unknown code with static analysis - bredaphp
Review unknown code with static analysis - bredaphp
Recently uploaded
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentationsGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GridMate - End to end testing is a critical piece to ensure quality and avoid...
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Recently uploaded (20)
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Nobody knows-except-g4mm4
- 1. Nobody knows... except g4mm4 http://hackerspace.vn Part I gamma95x40gmail.com
- 2. $ls -la ● Captcha re-riding attack ● SQL column truncation ● Header() without exit()/die() ● Sink functions
- 3. $whoami
- 15. Ex2: (Login.php)
- 21. Questions?