This document provides an overview of input/output (IO) operations in Perl, including how to open and read/write to files. It discusses opening files and assigning them to handles, as well as using open, print, and close to write to a file. It describes using while loops to read from files line by line to avoid reading the entire file at once. The document also mentions redirecting program outputs, using command line arguments via the @ARGV array, and the $_ variable. Finally, it briefly introduces opendir and readdir for reading the contents of directories.
With this presentation I hope to show that using SPL doesn't require a PHD and that it really benefits your application design, maintainability and implements best practices to solve common development problems.
Perl is an interpreted language, meaning that a control program that understands the semantics of the language and its components (the interpreter) executes program components individually as they are encountered in the control flow.
Interpreted execution makes Perl flexible, convenient, and fast for programming, with some penalty paid in execution speed.
This presentation was presented at IT Audit & IT Security Meetup #4 at Indonesian Cloud, Jakarta.
The exploit development process was quite challenging and we think that it's worth to share.
For educational purposes only.
Exploit Development: EzServer Buffer Overflow oleh Tom Gregoryzakiakhmad
EzServer adalah video server yang dapat melakukan stream dengan kualitas full HD ke berbagai mesin. Buffer overflow ditemukan pada aplikasi EzServer yang berjalan pada port 8000. Attacker dapat mengirimkan sejumlah kode berbahaya ke port 8000 dan mendapatkan akses setara dengan hak akses aplikasi EzServer. Pada kesempatan ini, penulis akan memaparkan proses pembuatan exploit terhadap aplikasi EzServer menggunakan Python.
Tom Gregory: Security consultant at Spentera, Metasploit exploit developer/contributor.
http://www.python.or.id/2013/04/kopi-darat-komunitas-python-indonesia.html
With this presentation I hope to show that using SPL doesn't require a PHD and that it really benefits your application design, maintainability and implements best practices to solve common development problems.
Perl is an interpreted language, meaning that a control program that understands the semantics of the language and its components (the interpreter) executes program components individually as they are encountered in the control flow.
Interpreted execution makes Perl flexible, convenient, and fast for programming, with some penalty paid in execution speed.
This presentation was presented at IT Audit & IT Security Meetup #4 at Indonesian Cloud, Jakarta.
The exploit development process was quite challenging and we think that it's worth to share.
For educational purposes only.
Exploit Development: EzServer Buffer Overflow oleh Tom Gregoryzakiakhmad
EzServer adalah video server yang dapat melakukan stream dengan kualitas full HD ke berbagai mesin. Buffer overflow ditemukan pada aplikasi EzServer yang berjalan pada port 8000. Attacker dapat mengirimkan sejumlah kode berbahaya ke port 8000 dan mendapatkan akses setara dengan hak akses aplikasi EzServer. Pada kesempatan ini, penulis akan memaparkan proses pembuatan exploit terhadap aplikasi EzServer menggunakan Python.
Tom Gregory: Security consultant at Spentera, Metasploit exploit developer/contributor.
http://www.python.or.id/2013/04/kopi-darat-komunitas-python-indonesia.html
This is an intermediate conversion course for C++, suitable for second year computing students who may have learned Java or another language in first year.
Edge Dalmacio, Co-Founder of Haybol.ph and Senior Software Engineer at Orange and Bronze, discusses JDK 7 Nio 2 at the PinoyJUG Java 7 Release Party.
www.orangeandbronze.com
In this tutorial, I take you through an important feature of Java: File Operations. We are going to take a look at Character and Byte Streams, some built-in Classes and their functionalities to be able to perform file operations. Then we are going to learn about a famous concept called exception handling. We are going to finalize this tutorial with Number Formatting.
Check out rest of the Tutorials: https://berksoysal.blogspot.com/2016/06/java-se-tutorials-basics-exercises.html
Xlab #1: Advantages of functional programming in Java 8XSolve
Presentation from xlab workshop about functional programming components introduced to the Java 8. How to operate the streams and lambdas in theory and practice.
The plumbing metaphor goes back 40 years to the beginning of Unix/Linux and still works today.
In this session the fundamentals of shell scripting will be illustrated through a cumulative example built on pipes, filters, valves, and screens. Environmentally friendly waste cleanup will also be covered.
(originally presented at YAPC::Europe::2007)
No-one is as critical about something as those that love it dearly. Mark Fowler has been collecting complaints from professional Perl developers for years about what warts still remain with the language when strict and warnings are turned on.
Are these problems unsolvable? A veteran Perl programmer himself Mark attempted to try and solve these issues - and then turned to the experts, the people who write books on Perl, the people who maintain the perl interpreter itself, for help.
This is what he learned...
This talk will show how it's possible to mock PerlOps using XS and provide a convenient Pure Perl hook for each of the file check -X.
Overload::FileCheck provides a way to mock one or more file checks. It is also possible to mock stat/lstat functions using "mock_all_from_stat" and let Overload::FileCheck mock for you for any other -X checks.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
1. Read and Write Files
with Perl
Paolo Marcatili - Programmazione 09-10
2. Agenda
> Perl IO
> Open a File
> Write on Files
> Read from Files
> While loop
2
Paolo Marcatili - Programmazione 09-10
3. Perl IO
(IO means Input/Output)
Paolo Marcatili - Programmazione 09-10
4. Why IO?
Since now, Perl is
#! /usr/bin/perl -w
use strict; <- ALWAYYYYYSSSS!!!
my $string=”All work and no play makes Jack a
dull boyn";
for (my $i=1;$i<100;$i++){
print $string;
}
4
Paolo Marcatili - Programmazione 09-10
5. Why IO?
But if we want to do the same
with a user-submitted string?
5
Paolo Marcatili - Programmazione 09-10
6. Why IO?
But if we want to do the same
with a user-submitted string?
IO can do this!
6
Paolo Marcatili - Programmazione 09-10
7. IO types
Main Inputs
> Keyboard
> File
> Errors
Main outputs
> Display
> File
7
Paolo Marcatili - Programmazione 09-10
8. More than tomatoes
Let’s try it:
#! /usr/bin/perl -w
use strict; my $string=<STDIN>;
for (my $i=1;$i<100;$i++){
print $string;
}
8
Paolo Marcatili - Programmazione 09-10
9. Rationale
Read from and write to different media
STDIN means standard input (keyboard)
^
this is a handle
<SMTH> means
“read from the source corresponding to handle SMTH”
9
Paolo Marcatili - Programmazione 09-10
10. Handles
Handles are just streams “nicknames”
Some of them are fixed:
STDIN <-default is keyboard
STDOUT <-default is display
STDERR <-default is display
Some are user defined (files)
10
Paolo Marcatili - Programmazione 09-10
12. open
We have to create a handle for our file
open(OUT, “>”,”out.txt”) or die(“Error opening out.txt: $!”);
^
N.B. : it’s user defined, you decide it
Tip
“<“,”out.txt” <- read from out.txt
“>”,”out.txt” <- write into out.txt
“>>”,”out.txt” <- append to out.txt
12
Paolo Marcatili - Programmazione 09-10
13. close
When finished we have to close it:
close OUT;
If you dont, Santa will bring no gift.
13
Paolo Marcatili - Programmazione 09-10
14. Print OUT
#! /usr/bin/perl -w
use strict;
open(OUT, ">”,”out.txt") || die("Error opening out.txt: $!");
print "type your claim:n";
my $string=<STDIN>;
for (my $i=1;$i<100;$i++){
print OUT $string;
}
close OUT;
Now let’s play with <,>,>> and file permissions
14
Paolo Marcatili - Programmazione 09-10
20. While - for differences
While For
> Undetermined > Determined
> No counter > Counter
20
Paolo Marcatili - Programmazione 09-10
21. While example
Approx. solution of x^2-2=0
(Newton’s method)
my $sol=0.5;
my $err=$sol**2-2;
while ($err>.1){
$sol-=($sol**2-2)/(2*$sol);
$err=$sol**2-2;
print “Error=$errn”;
}
21
Paolo Marcatili - Programmazione 09-10
22. Read with while
#! /usr/bin/perl -w
use strict;
open(MOD, "<IG.pdb") || die("Error opening
IG.pdb: $!");
while (my $line=<MOD>){
print substr($line,0,6)."n";
}
close MOD;
22
Paolo Marcatili - Programmazione 09-10
26. Command Line Arguments
> Command line arguments in Perl are extremely easy.
> @ARGV is the array that holds all arguments passed in from
the command line.
> Example:
> % ./prog.pl arg1 arg2 arg3
> @ARGV would contain ('arg1', arg2', 'arg3)
> $#ARGV returns the number of command line arguments that
have been passed.
> Remember $#array is the size of the array!
26
Paolo Marcatili - Programmazione 09-10
27. Quick Program with @ARGV
> Simple program called log.pl that takes in a number
and prints the log base 2 of that number;
#!/usr/local/bin/perl -w
$log = log($ARGV[0]) / log(2);
print “The log base 2 of $ARGV[0] is $log.n”;
> Run the program as follows:
> % log.pl 8
> This will return the following:
> The log base 2 of 8 is 3.
27
Paolo Marcatili - Programmazione 09-10
28. $_
> Perl default scalar value that is used when a
variable is not explicitly specified.
> Can be used in
> For Loops
> File Handling
> Regular Expressions
28
Paolo Marcatili - Programmazione 09-10
29. $_ and For Loops
> Example using $_ in a for loop
@array = ( “Perl”, “C”, “Java” );
for(@array) {
print $_ . “is a language I known”;
}
> Output :
Perl is a language I know.
C is a language I know.
Java is a language I know.
29
Paolo Marcatili - Programmazione 09-10
30. $_ and File Handlers
> Example in using $_ when reading in a file;
while( <> ) {
chomp $_; # remove the newline char
@array = split/ /, $_; # split the line on white space
# and stores data in an array
}
> Note:
> The line read in from the file is automatically store in the
default scalar variable $_
30
Paolo Marcatili - Programmazione 09-10
32. Opendir & readdir
> Just like open, but for dirs
# load all files of the "data/" folder into the @files array
opendir(DIR, ”$ARGV[0]");
@files = readdir(DIR);
closedir(DIR);
# build a unsorted list from the @files array:
print "<ul>";
foreach $file (@files) {
next if ($file eq "." or $file eq "..");
print "<li><a href="$file">$file</a></li>";
}
print "</ul>";
32
Paolo Marcatili - Programmazione 09-10