The document discusses Python jails (PyJails), which are CTF problems that provide a limited Python interpreter. The goal is typically to call restricted functions like os.system() or open() to access files. Common solutions leverage attributes of Python objects like __class__, __globals__, and __builtins__ to access the open() function despite restrictions. The document then provides an in-depth explanation of these Python object attributes and how they allow constructing a solution to bypass the restrictions in a PyJail.
This document provides an overview of the V8 JavaScript engine, including its compiler pipeline and optimization concepts. It discusses how V8 is used in Chrome and Node.js, and describes its compiler pipeline which includes parsing, abstract syntax trees, bytecode generation, and optimized code generation. It also covers V8 optimization concepts like hidden classes and inline caching that allow for fast property access and optimized code execution.
Exploring Next Generation Buildpacks - Anand Rao & Scott DeegVMware Tanzu
Cloud native buildpacks are pluggable, modular tools that translate source code into OCI container images. They provide portability, modularity, faster builds, and reproducible images. Buildpacks detect the application, define the build environment, and output the container image. They allow writing code and running apps with minimal effort. The demo will show buildpacks decomposing builds into groups and updating the OS layer for fast updates.
This document discusses package management systems. It defines packages as bundles of software and metadata. It describes package management systems as tools to automate installing, upgrading, configuring, and removing software packages. It discusses key concepts like dependencies and how different Linux distributions use different packaging systems like .deb, .rpm, and tools like apt, aptitude, dpkg, and rpm to manage packages. It also mentions how automatic updates can be configured to keep packages up to date.
BigData_TP1: Initiation à Hadoop et Map-ReduceLilia Sfaxi
Pour accéder aux fichiers nécessaires pour faire ce TP, visitez: https://drive.google.com/folderview?id=0Bz7DokLRQvx7M2JWZEt1VHdwSE0&usp=sharing
Pour plus de contenu, Visitez http://liliasfaxi.wix.com/liliasfaxi !
This document provides an overview of the V8 JavaScript engine, including its compiler pipeline and optimization concepts. It discusses how V8 is used in Chrome and Node.js, and describes its compiler pipeline which includes parsing, abstract syntax trees, bytecode generation, and optimized code generation. It also covers V8 optimization concepts like hidden classes and inline caching that allow for fast property access and optimized code execution.
Exploring Next Generation Buildpacks - Anand Rao & Scott DeegVMware Tanzu
Cloud native buildpacks are pluggable, modular tools that translate source code into OCI container images. They provide portability, modularity, faster builds, and reproducible images. Buildpacks detect the application, define the build environment, and output the container image. They allow writing code and running apps with minimal effort. The demo will show buildpacks decomposing builds into groups and updating the OS layer for fast updates.
This document discusses package management systems. It defines packages as bundles of software and metadata. It describes package management systems as tools to automate installing, upgrading, configuring, and removing software packages. It discusses key concepts like dependencies and how different Linux distributions use different packaging systems like .deb, .rpm, and tools like apt, aptitude, dpkg, and rpm to manage packages. It also mentions how automatic updates can be configured to keep packages up to date.
BigData_TP1: Initiation à Hadoop et Map-ReduceLilia Sfaxi
Pour accéder aux fichiers nécessaires pour faire ce TP, visitez: https://drive.google.com/folderview?id=0Bz7DokLRQvx7M2JWZEt1VHdwSE0&usp=sharing
Pour plus de contenu, Visitez http://liliasfaxi.wix.com/liliasfaxi !
For the full video of this presentation, please visit:
https://www.embedded-vision.com/platinum-members/embedded-vision-alliance/embedded-vision-training/videos/pages/may-2019-embedded-vision-summit-google
For more information about embedded vision, please visit:
http://www.embedded-vision.com
Pete Warden, Staff Research Engineer and TensorFlow Lite development lead at Google, presents the "Using TensorFlow Lite to Deploy Deep Learning on Cortex-M Microcontrollers" tutorial at the May 2019 Embedded Vision Summit.
Is it possible to deploy deep learning models on low-cost, low-power microcontrollers? While it may be surprising, the answer is a definite “yes”! In this talk, Warden explains how the new TensorFlow Lite framework enables creating very lightweight DNN implementations suitable for execution on microcontrollers. He illustrates how this works using an example of a 20 Kbyte DNN model that performs speech wake word detection, and discusses how this generalizes to image-based use cases. Warden introduces TensorFlow Lite, and explores the key steps in implementing lightweight DNNs, including model design, data gathering, hardware platform choice, software implementation and optimization.
Dans cette session, vous apprendrez:
Les différences entre modéliser pour MongoDB versus une base de données relationnelle.
Une méthodologie pour modéliser pour MongoDB qui est adaptable aux projets simples, agiles ou plus complexes.
Quelques patrons de conception (design patterns) courants dans le développement d'applications avec MongoDB, dans le but de maximiser la performance.
The document provides an overview of the Domain Name System (DNS) including its history, key components, and configuration. DNS converts domain names to IP addresses and vice versa by using a distributed database with a hierarchical structure. The database is divided into zones stored on nameservers. Resolvers query nameservers to lookup names and return results to requesting programs. The document outlines the DNS namespace, nameservers, zones, resource records, configuration files, and utilities for testing and querying DNS.
This document discusses Device Tree, which is a data structure used to describe hardware platforms in Linux. It consists of a series of named nodes and properties. Device Tree is compiled from a Device Tree Source file (.dts) into a binary blob (.dtb) by a Device Tree Compiler. It allows hardware information to be passed to the operating system at boot time without needing to be encoded in code. The format and common uses of Device Tree are explained along with how drivers can probe for devices based on Device Tree properties and nodes.
This document provides best practices for using CMake, including:
- Set the cmake_minimum_required version to ensure modern features while maintaining backward compatibility.
- Use targets to define executables and libraries, their properties, and dependencies.
- Fetch remote dependencies at configure time using FetchContent or integrate with package managers like Conan.
- Import library targets rather than reimplementing Find modules when possible.
- Treat CUDA as a first-class language in CMake projects.
Gives a brief introduction of the emerging containerization technology, the difference in traditional VMs and Conatiners and the most popular one- Docker
This document provides an overview of Docker containers and their benefits. It discusses how containers provide isolation and portability for applications compared to virtual machines. The document outlines the history and growth of container technologies like Docker. It then covers how to build, ship, and run containerized applications on platforms like Docker, OpenShift, and Kubernetes. Use cases discussed include application development, modernization, and cloud migrations.
Arm device tree and linux device driversHoucheng Lin
This document discusses how the Linux kernel supports different ARM boards using a common source code base. It describes how device tree is used to describe hardware in a board-agnostic way. The kernel initializes machine-specific code via the device tree and initializes drivers by matching compatible strings. This allows a single kernel binary to support multiple boards by abstracting low-level hardware details into the device tree rather than the kernel source. The document also contrasts the ARM approach to the x86 approach, where BIOS abstraction and standardized buses allow one kernel to support most x86 hardware.
The document discusses Dockerfiles, which are used to build Docker images. A Dockerfile contains instructions like FROM, RUN, COPY, and CMD to set the base image, install dependencies, add files, and define the main process. Images are read-only layers built using these instructions. Dockerfiles can be built locally into images and published to repositories for sharing. Volumes are used to persist data outside the container.
The document discusses exploiting a buffer overflow vulnerability in Internet Explorer's VML implementation (MS06-055) to execute arbitrary code. It describes overwriting the structured exception handler to gain control of the instruction pointer, using heap spraying to load a buffer in memory, and having the instruction pointer jump to the buffer to execute shellcode and spawn a command shell. Metasploit is introduced as an open-source framework for developing exploits.
Linux is an open-source operating system that can be used as an alternative to proprietary operating systems like Windows. The document provides an overview of Linux, including its history beginning as a free Unix-like kernel developed by Linus Torvalds. It discusses the GNU project and how Linux combined with GNU software to form a complete free operating system. Additionally, it covers topics like Debian Linux, package management, GUI and CLI interfaces, and basic Linux commands.
Présentation portant sur le système de virtualisation Docker.
Langue : Français.
Auteur : Colin LEVERGER, me@colinleverger.fr, merci de citer vos sources ;)
Sources : Wikipedia / Docker site officiel : https://www.docker.com/
Buildroot is a tool that generates embedded Linux systems by automating the configuration, compilation, and packaging of the system. It produces a root filesystem image ready to deploy on the target architecture. The build process compiles packages and a cross-compilation toolchain, then generates images containing the root filesystem, kernel, and other files needed by the target system. The output of Buildroot is organized into subdirectories containing the built images, toolchain, target and host files, and a staging area simulating the target filesystem.
Gerenciamento de Backups PostgreSQL com pgbarmanJuliano Atanazio
O documento descreve o uso da ferramenta pgbarman para gerenciamento de backups do PostgreSQL. O pgbarman permite fazer backups remotos de múltiplos servidores PostgreSQL, auxiliando DBAs na recuperação de dados. É apresentada a instalação, configuração e uso básico do pgbarman, incluindo a criação de servidores, listagem de configurações e backups.
The document discusses the architecture of the Linux operating system. It is composed of the kernel, shell, and application programs. The kernel manages hardware resources and provides access to them for user programs through system calls. The shell acts as the interface between the user and kernel, translating commands into actions. Application programs are executed by users to perform tasks. System calls allow processes to communicate with the kernel to access hardware resources and perform functions like opening and writing files.
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
Talk for USENIX/LISA2014 by Brendan Gregg, Netflix. At Netflix performance is crucial, and we use many high to low level tools to analyze our stack in different ways. In this talk, I will introduce new system observability tools we are using at Netflix, which I've ported from my DTraceToolkit, and are intended for our Linux 3.2 cloud instances. These show that Linux can do more than you may think, by using creative hacks and workarounds with existing kernel features (ftrace, perf_events). While these are solving issues on current versions of Linux, I'll also briefly summarize the future in this space: eBPF, ktap, SystemTap, sysdig, etc.
Java and Python are compared on various aspects such as verbosity, object orientation, and execution model.
Python is found to be more concise and readable than Java for many common tasks like file I/O and logical expressions. However, Java's static typing enables safer refactoring. Both support inheritance but Python allows multiple inheritance and "duck typing".
The execution model differs as well - in Python, code is executed as it is loaded while Java separates loading, initialization and execution. This makes features like monkey patching possible in Python.
In the end, the developer is more important than the language. While each has strengths, the presenter currently prefers Python for its pragmatism and conciseness.
Software Bertillonage: Finding the Provenance of an Entitymigod
Slides from the paper presented at the 2011 IEEE Intl Conf on Mining Software Repositories, by Julius Davies, Daniel German, Mike Godfrey, and Abram Hindle
For the full video of this presentation, please visit:
https://www.embedded-vision.com/platinum-members/embedded-vision-alliance/embedded-vision-training/videos/pages/may-2019-embedded-vision-summit-google
For more information about embedded vision, please visit:
http://www.embedded-vision.com
Pete Warden, Staff Research Engineer and TensorFlow Lite development lead at Google, presents the "Using TensorFlow Lite to Deploy Deep Learning on Cortex-M Microcontrollers" tutorial at the May 2019 Embedded Vision Summit.
Is it possible to deploy deep learning models on low-cost, low-power microcontrollers? While it may be surprising, the answer is a definite “yes”! In this talk, Warden explains how the new TensorFlow Lite framework enables creating very lightweight DNN implementations suitable for execution on microcontrollers. He illustrates how this works using an example of a 20 Kbyte DNN model that performs speech wake word detection, and discusses how this generalizes to image-based use cases. Warden introduces TensorFlow Lite, and explores the key steps in implementing lightweight DNNs, including model design, data gathering, hardware platform choice, software implementation and optimization.
Dans cette session, vous apprendrez:
Les différences entre modéliser pour MongoDB versus une base de données relationnelle.
Une méthodologie pour modéliser pour MongoDB qui est adaptable aux projets simples, agiles ou plus complexes.
Quelques patrons de conception (design patterns) courants dans le développement d'applications avec MongoDB, dans le but de maximiser la performance.
The document provides an overview of the Domain Name System (DNS) including its history, key components, and configuration. DNS converts domain names to IP addresses and vice versa by using a distributed database with a hierarchical structure. The database is divided into zones stored on nameservers. Resolvers query nameservers to lookup names and return results to requesting programs. The document outlines the DNS namespace, nameservers, zones, resource records, configuration files, and utilities for testing and querying DNS.
This document discusses Device Tree, which is a data structure used to describe hardware platforms in Linux. It consists of a series of named nodes and properties. Device Tree is compiled from a Device Tree Source file (.dts) into a binary blob (.dtb) by a Device Tree Compiler. It allows hardware information to be passed to the operating system at boot time without needing to be encoded in code. The format and common uses of Device Tree are explained along with how drivers can probe for devices based on Device Tree properties and nodes.
This document provides best practices for using CMake, including:
- Set the cmake_minimum_required version to ensure modern features while maintaining backward compatibility.
- Use targets to define executables and libraries, their properties, and dependencies.
- Fetch remote dependencies at configure time using FetchContent or integrate with package managers like Conan.
- Import library targets rather than reimplementing Find modules when possible.
- Treat CUDA as a first-class language in CMake projects.
Gives a brief introduction of the emerging containerization technology, the difference in traditional VMs and Conatiners and the most popular one- Docker
This document provides an overview of Docker containers and their benefits. It discusses how containers provide isolation and portability for applications compared to virtual machines. The document outlines the history and growth of container technologies like Docker. It then covers how to build, ship, and run containerized applications on platforms like Docker, OpenShift, and Kubernetes. Use cases discussed include application development, modernization, and cloud migrations.
Arm device tree and linux device driversHoucheng Lin
This document discusses how the Linux kernel supports different ARM boards using a common source code base. It describes how device tree is used to describe hardware in a board-agnostic way. The kernel initializes machine-specific code via the device tree and initializes drivers by matching compatible strings. This allows a single kernel binary to support multiple boards by abstracting low-level hardware details into the device tree rather than the kernel source. The document also contrasts the ARM approach to the x86 approach, where BIOS abstraction and standardized buses allow one kernel to support most x86 hardware.
The document discusses Dockerfiles, which are used to build Docker images. A Dockerfile contains instructions like FROM, RUN, COPY, and CMD to set the base image, install dependencies, add files, and define the main process. Images are read-only layers built using these instructions. Dockerfiles can be built locally into images and published to repositories for sharing. Volumes are used to persist data outside the container.
The document discusses exploiting a buffer overflow vulnerability in Internet Explorer's VML implementation (MS06-055) to execute arbitrary code. It describes overwriting the structured exception handler to gain control of the instruction pointer, using heap spraying to load a buffer in memory, and having the instruction pointer jump to the buffer to execute shellcode and spawn a command shell. Metasploit is introduced as an open-source framework for developing exploits.
Linux is an open-source operating system that can be used as an alternative to proprietary operating systems like Windows. The document provides an overview of Linux, including its history beginning as a free Unix-like kernel developed by Linus Torvalds. It discusses the GNU project and how Linux combined with GNU software to form a complete free operating system. Additionally, it covers topics like Debian Linux, package management, GUI and CLI interfaces, and basic Linux commands.
Présentation portant sur le système de virtualisation Docker.
Langue : Français.
Auteur : Colin LEVERGER, me@colinleverger.fr, merci de citer vos sources ;)
Sources : Wikipedia / Docker site officiel : https://www.docker.com/
Buildroot is a tool that generates embedded Linux systems by automating the configuration, compilation, and packaging of the system. It produces a root filesystem image ready to deploy on the target architecture. The build process compiles packages and a cross-compilation toolchain, then generates images containing the root filesystem, kernel, and other files needed by the target system. The output of Buildroot is organized into subdirectories containing the built images, toolchain, target and host files, and a staging area simulating the target filesystem.
Gerenciamento de Backups PostgreSQL com pgbarmanJuliano Atanazio
O documento descreve o uso da ferramenta pgbarman para gerenciamento de backups do PostgreSQL. O pgbarman permite fazer backups remotos de múltiplos servidores PostgreSQL, auxiliando DBAs na recuperação de dados. É apresentada a instalação, configuração e uso básico do pgbarman, incluindo a criação de servidores, listagem de configurações e backups.
The document discusses the architecture of the Linux operating system. It is composed of the kernel, shell, and application programs. The kernel manages hardware resources and provides access to them for user programs through system calls. The shell acts as the interface between the user and kernel, translating commands into actions. Application programs are executed by users to perform tasks. System calls allow processes to communicate with the kernel to access hardware resources and perform functions like opening and writing files.
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
Talk for USENIX/LISA2014 by Brendan Gregg, Netflix. At Netflix performance is crucial, and we use many high to low level tools to analyze our stack in different ways. In this talk, I will introduce new system observability tools we are using at Netflix, which I've ported from my DTraceToolkit, and are intended for our Linux 3.2 cloud instances. These show that Linux can do more than you may think, by using creative hacks and workarounds with existing kernel features (ftrace, perf_events). While these are solving issues on current versions of Linux, I'll also briefly summarize the future in this space: eBPF, ktap, SystemTap, sysdig, etc.
Java and Python are compared on various aspects such as verbosity, object orientation, and execution model.
Python is found to be more concise and readable than Java for many common tasks like file I/O and logical expressions. However, Java's static typing enables safer refactoring. Both support inheritance but Python allows multiple inheritance and "duck typing".
The execution model differs as well - in Python, code is executed as it is loaded while Java separates loading, initialization and execution. This makes features like monkey patching possible in Python.
In the end, the developer is more important than the language. While each has strengths, the presenter currently prefers Python for its pragmatism and conciseness.
Software Bertillonage: Finding the Provenance of an Entitymigod
Slides from the paper presented at the 2011 IEEE Intl Conf on Mining Software Repositories, by Julius Davies, Daniel German, Mike Godfrey, and Abram Hindle
Slides for Lecture 5 of the course: Introduction to Programming with Python offered at ICCBS.
It covers the following topics:
1.)Python Modules
2.)File I/O
3.)Exceptions & Error Handling
Biopython is a set of freely available Python tools for bioinformatics and molecular biology. It provides features like parsing bioinformatics files into Python structures, a sequence class to store sequences and features, and interfaces to popular bioinformatics programs. Biopython can be used to address common bioinformatics problems like sequence manipulation, searching for primers, and running BLAST searches. The current version is 1.53 from December 2009 and future plans include updating the multiple sequence alignment object and adding a Bio.Phylo module.
These questions will be a bit advanced level 2sadhana312471
These questions will be a bit advanced(Intermediate) in terms of Python interview.
This is the continuity of Nail the Python Interview Questions.
The fields that these questions will help you in are:
• Python Developer
• Data Analyst
• Research Analyst
• Data Scientist
This document provides an overview of input/output operations in Java using the java.io package. It discusses streams and channels, file I/O, reading and writing files, serialization, and the Observer and Observable interfaces. The key classes covered include File, PrintWriter, Scanner, InputStream, OutputStream, Reader, Writer, Buffer, Channel, and classes for serialization. Examples are provided for reading and writing files using byte streams, character streams, buffers, and channels.
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's ...EnlightenmentProject
[E-Dev-Day 2014][4/16] Review of Eolian, Eo, Bindings, Interfaces and What's to Come
at Enlightenment Developers Day 2014
https://phab.enlightenment.org/w/events/enlightenment_developer_day_2014/
ADO.NET is a data access technology from Microsoft that provides communication between relational and non-relational systems through common components. It allows programs written in different languages to share classes and uses object-oriented programming principles. Key classes in ADO.NET include Connection, which controls connections to databases, and Dataset, which offers common functions for metadata. Serialization converts objects to bytes for storage or transmission, while deserialization reconstructs objects from data.
Object Oriented Programming, Networking, and Linux/Unix commands were discussed. Key points included: defining classes and instantiating objects in Python, class variables and methods, inheritance and method overriding, networking terminology like DNS and VPN, common Linux shell commands like ls, cd, grep, and piping commands together. Networking concepts like LAN, MAN, WAN and the basic communication flow of requests and responses were also covered.
This document provides an industrial training presentation on Python programming. It introduces Python, explaining that it is an interpreted, object-oriented, high-level programming language. It then covers why Python is used, its basic data types like numbers, strings, lists, dictionaries, tuples and sets. The presentation also discusses Python concepts like conditionals, loops, functions, exceptions, file handling, object-oriented programming and databases. It concludes that Python supports both procedural and object-oriented programming and can be universally accepted. References for further reading are also included.
C++ is an object-oriented programming language that is an incremented version of C with classes added. Some key differences between C and C++ are that C++ uses object-oriented programming with classes that can contain both data and functions, while C focuses more on procedures/functions and allows any function to access data. The document then discusses the basic concepts of object-oriented programming in C++ including classes, objects, polymorphism, inheritance, encapsulation, and data abstraction. It provides examples of classes, objects, reference variables, default arguments, and dynamic memory allocation in C++.
This document discusses Java file input/output and streams. It covers the core stream classes like InputStream, OutputStream, Reader and Writer and their subclasses. File and FileInputStream/FileOutputStream allow working with files and directories on the file system. The key abstraction is streams, which are linked to physical devices and provide a way to send and receive data through classes that perform input or output of bytes or characters.
Python Foundation – A programmer's introduction to Python concepts & styleKevlin Henney
This document provides an overview of a Python Foundation course that introduces Python concepts and programming style. The course covers Python history and culture, multi-paradigm programming in Python including procedural, modular, scripting, object-oriented and functional styles. It also covers Python syntax, logic and flow control, built-in data types, classes and objects. The course includes coding experiments, programming labs and homework assignments.
This document provides an overview of Java utilities and collection classes. It discusses the Java Math class and methods for numeric operations. It also describes wrapper classes for primitive data types and lists the eight primitive types in Java. Finally, it provides an example of using the Collections class to sort, reverse, shuffle a list and check element frequencies.
The document discusses key concepts in C++ classes including encapsulation, information hiding, access specifiers, and constructors. It defines a class as a way to combine attributes and behaviors of real-world objects into a single unit. A class uses encapsulation to associate code and data, and information hiding to secure data from direct access. Access specifiers like public, private, and protected determine member visibility. Constructors are special member functions that initialize objects upon instantiation.
The document provides an introduction to the Python programming language. It discusses what Python is, its creator Guido van Rossum, and how to write a simple "Hello World" program. It also covers Python data types, operators, flow control using conditionals and loops, functions, input/output operations, and the Zen of Python philosophy guiding Python's design. The document serves as the first day of instruction in a Python course.
The document discusses various Java I/O streams including input streams, output streams, byte streams, character streams, buffered streams, properties class, print stream, file locking, serialization and print writer class. It provides examples of reading and writing files using FileInputStream, FileOutputStream, FileReader, FileWriter and other stream classes. Methods of different stream classes are also explained along with their usage.
The document discusses Python objects and types. It covers key concepts like object-oriented programming in Python, classes and instances, namespaces, scoping, and exception handling. Some main points include:
- Everything in Python is an object with an identity, type, and value. Objects live in dynamic namespaces and can be accessed via names.
- Classes are type objects that act as templates for creating instances when called. Instances are objects with the same methods and attributes as its class.
- Namespaces are where names are mapped to objects. Python has module, class, and instance namespaces that follow LEGB scoping rules.
- Exceptions are class objects that inherit from the built-in Exception class. The raise statement is used
This document provides information on input/output operations, file handling, and serialization in Java. It discusses Java's input and output streams for reading and writing bytes and characters. It describes classes for working with files like File, FileInputStream, FileOutputStream, FileReader, and FileWriter. Examples are given for reading from and writing to files and the console. The document also introduces serialization in Java for converting objects to byte streams for storage or transmission.
This document provides information about the Computer Security Group (CSG) Spring 2022 kickoff event. It introduces CSG as a weekly security-focused student group. It also describes the Scholarship for Service program, lists the CSG leadership team, and advertises upcoming technical talks on topics like embedded systems, Python, anonymity, and fuzzing. Members are encouraged to attend weekly meetings, join the Discord server, and suggest additional talk topics.
This document provides an introduction to cloud computing, including what cloud is, its benefits and drawbacks, common cloud service models (SaaS, PaaS, IaaS), major cloud providers, and common cloud computing services. Key cloud computing services discussed include compute services (like AWS EC2 and Google Compute Engine), databases, storage, and additional AI/ML and serverless services. The document also highlights some free cloud credits and resources available for students.
1. The document discusses various methods for gaining domain administrator privileges on a Windows domain, including exploiting the domain's architecture, abusing Active Directory services like Kerberos, and cracking Kerberos tickets.
2. It provides three attack scenarios: leveraging internal access and the BloodHound tool, performing an NTLM relay attack against WebDAV to setup delegation, and directly cracking Kerberos tickets by requesting tickets for service principal names.
3. The document recommends demonstrating these attacks against a test environment to gain hands-on experience compromising a Windows domain from different starting points.
Python is an interpreted programming language that can be used for many purposes including security related tasks. It was created in the late 1980s by Guido van Rossum and named after the Monty Python comedy group. There are differences between Python versions 2.7 and 3.0, such as print becoming a function in 3.0. Python has an interactive shell environment that allows users to run commands and an extensive standard library including data types like lists, tuples, sets and dictionaries. Libraries like pwntools and PyCryptodome provide functionality for tasks like exploit development and cryptography.
This document provides an introduction and overview of various topics related to cybersecurity including programming languages, operating systems, networks, penetration testing tools, defensive tools, and security certifications. It also lists upcoming cybersecurity events at the school including an intern fair, career fair, engineering week, capture the flag competition, and security operations center competition. Students are invited to sign in using a QR code or URL to participate in resume critiques and learn more.
Bash is a command line shell that allows users to interact with and manage a Linux operating system. It can be used to edit files and system configurations, monitor and manage processes, run scripts, and more. Common bash commands include ls to list directories, cd to change directories, cat to output file contents, and man to view command manuals. The demo section provides a hands-on experience using bash commands.
1. The document discusses web exploitation and provides tips for assessing what functionality a server may have and how to test for vulnerabilities.
2. It lists common server-side technologies like PHP, Python, NodeJS that have been exploited in past events, and encourages researching assumed functionality and how others may have previously exploited similar systems.
3. The document emphasizes that web exploitation involves searching and researching to understand what a server can do in response to inputs, as its functionality may not always be obvious, in order to discover ways to read files or execute code remotely.
This document provides an overview of network exploitation, including types of networks, network environments, internal vs external networks, network enumeration tools, and attack routing. It announces upcoming events and provides details about local area networks (LANs), wide area networks (WANs), metropolitan area networks (MANs), corporate and personal network environments, using Nmap and Nessus for scanning, and pivoting through internal networks from external points.
1. The document discusses the steps of a penetration test against a target machine called Celestial on the Hack the Box platform.
2. It outlines reconnaissance, enumeration through Nmap scanning, exploitation to gain initial access, escalation of privileges from user to root, establishing persistence, and clean-up to remove traces of access.
3. The target is an Linux machine at IP 10.10.10.85, and the session will walk through each step of the penetration test process.
This presentation gives an overview of many different encryption and encoding schemes. The content ranges from simple encodings, such as ASCII text represented as decimals to classical ciphers, such as Caesar and Vigenere ciphers to modern encryption standards, such as the Data Encryption Standard (DES) and Advanced Encryption Standard (AES). For modern encryption, there are many different implementation flaws that are discussed in the presentation as well as a few ideas for how to correct those flaws. At the end of the presentation, some thought questions are provided.
We continue where we left off from Part 1. This section covers 2 main topics, debugging libraries and fuzzer design. For debugging libraries we go over PyDBG and WinAppDbg, discussing basic to intermediate examples, and when you might want to use one instead of the other. After that, fuzzer design is discussed, including goals, design choices, architecture, etc. Some code samples are shown from my fuzzer, along with a github link for those who are interested.
This document provides an introduction to software exploitation on Linux 32-bit systems. It covers common exploitation techniques like buffer overflows, format strings, and ret2libc attacks. It discusses the Linux memory layout and stack structure. It explains buffer overflows on the stack and heap, and how to leverage them to alter control flow and execute arbitrary code. It also covers the format string vulnerability and how to leak information or write to arbitrary memory locations. Tools mentioned include GDB, exploit-exercises, and Python. Overall it serves as a crash course on the basic techniques and concepts for Linux exploitation.
This is part 1 of fuzzing, an introduction to the subject. This presentation covers some of theory and thought process behind the subject, as well as an introduction to environment variable fuzzing and file format fuzzing.
The document summarizes how to exploit a heap-based buffer overflow vulnerability in the Protostar Heap 3 challenge. It describes using the Doug Lea malloc implementation, modifying chunk size metadata to change program execution, overwriting pointers to hijack control flow, and crafting 12-byte shellcode to jump to a "winner()" function and complete the exploit.
We introduce the fundamentals of dynamic memory allocation and highlight several exploitable properties. These ideas are put into practice in a set of heap overflow challenges from exploit-exercise.com's Protostar VM. We walk through the first three. Other uses of heap space such as heap spraying are mentioned.
Introduction to return oriented programming. Explanation of how to use instruction sequences already existing in an executable's memory space to manipulate control flow without injecting external payload.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELgerogepatton
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
Batteries -Introduction – Types of Batteries – discharging and charging of battery - characteristics of battery –battery rating- various tests on battery- – Primary battery: silver button cell- Secondary battery :Ni-Cd battery-modern battery: lithium ion battery-maintenance of batteries-choices of batteries for electric vehicle applications.
Fuel Cells: Introduction- importance and classification of fuel cells - description, principle, components, applications of fuel cells: H2-O2 fuel cell, alkaline fuel cell, molten carbonate fuel cell and direct methanol fuel cells.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Literature Review Basics and Understanding Reference Management.pptxDr Ramhari Poudyal
Three-day training on academic research focuses on analytical tools at United Technical College, supported by the University Grant Commission, Nepal. 24-26 May 2024
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMHODECEDSIET
Time Division Multiplexing (TDM) is a method of transmitting multiple signals over a single communication channel by dividing the signal into many segments, each having a very short duration of time. These time slots are then allocated to different data streams, allowing multiple signals to share the same transmission medium efficiently. TDM is widely used in telecommunications and data communication systems.
### How TDM Works
1. **Time Slots Allocation**: The core principle of TDM is to assign distinct time slots to each signal. During each time slot, the respective signal is transmitted, and then the process repeats cyclically. For example, if there are four signals to be transmitted, the TDM cycle will divide time into four slots, each assigned to one signal.
2. **Synchronization**: Synchronization is crucial in TDM systems to ensure that the signals are correctly aligned with their respective time slots. Both the transmitter and receiver must be synchronized to avoid any overlap or loss of data. This synchronization is typically maintained by a clock signal that ensures time slots are accurately aligned.
3. **Frame Structure**: TDM data is organized into frames, where each frame consists of a set of time slots. Each frame is repeated at regular intervals, ensuring continuous transmission of data streams. The frame structure helps in managing the data streams and maintaining the synchronization between the transmitter and receiver.
4. **Multiplexer and Demultiplexer**: At the transmitting end, a multiplexer combines multiple input signals into a single composite signal by assigning each signal to a specific time slot. At the receiving end, a demultiplexer separates the composite signal back into individual signals based on their respective time slots.
### Types of TDM
1. **Synchronous TDM**: In synchronous TDM, time slots are pre-assigned to each signal, regardless of whether the signal has data to transmit or not. This can lead to inefficiencies if some time slots remain empty due to the absence of data.
2. **Asynchronous TDM (or Statistical TDM)**: Asynchronous TDM addresses the inefficiencies of synchronous TDM by allocating time slots dynamically based on the presence of data. Time slots are assigned only when there is data to transmit, which optimizes the use of the communication channel.
### Applications of TDM
- **Telecommunications**: TDM is extensively used in telecommunication systems, such as in T1 and E1 lines, where multiple telephone calls are transmitted over a single line by assigning each call to a specific time slot.
- **Digital Audio and Video Broadcasting**: TDM is used in broadcasting systems to transmit multiple audio or video streams over a single channel, ensuring efficient use of bandwidth.
- **Computer Networks**: TDM is used in network protocols and systems to manage the transmission of data from multiple sources over a single network medium.
### Advantages of TDM
- **Efficient Use of Bandwidth**: TDM all
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
1. Prison Snake
A broad dive into the object structure of Python and the functionality
behind PyJail solutions
Charles Averill
Computer Security Group
The University of Texas at Dallas
February 2022
Charles Averill (UTD) Prison Snake February 2022
2. What is a PyJail?
A common CTF problem in which a Python interpreter with limited
functionality is provided to the user
Charles Averill (UTD) Prison Snake February 2022
3. What is a PyJail?
A common CTF problem in which a Python interpreter with limited
functionality is provided to the user
Goal is typically to call os.system(), open(), or another similar
function that provides access to file-reading abilities
Charles Averill (UTD) Prison Snake February 2022
4. What is a PyJail?
A common CTF problem in which a Python interpreter with limited
functionality is provided to the user
Goal is typically to call os.system(), open(), or another similar
function that provides access to file-reading abilities
Common restrictions involve removing keywords such as import,
blocking any input containing the text open, preventing any function
calls outside of print, etc.
Charles Averill (UTD) Prison Snake February 2022
5. What is a PyJail?
A common CTF problem in which a Python interpreter with limited
functionality is provided to the user
Goal is typically to call os.system(), open(), or another similar
function that provides access to file-reading abilities
Common restrictions involve removing keywords such as import,
blocking any input containing the text open, preventing any function
calls outside of print, etc.
As a result of these limitations, solutions usually look something like
().__class__.__base__.__subclasses__()[134].__init__.__globals__[”__builtins__”][”open”](”./key”, ”r”).read()
Charles Averill (UTD) Prison Snake February 2022
6. What is a PyJail?
A common CTF problem in which a Python interpreter with limited
functionality is provided to the user
Goal is typically to call os.system(), open(), or another similar
function that provides access to file-reading abilities
Common restrictions involve removing keywords such as import,
blocking any input containing the text open, preventing any function
calls outside of print, etc.
As a result of these limitations, solutions usually look something like
().__class__.__base__.__subclasses__()[134].__init__.__globals__[”__builtins__”][”open”](”./key”, ”r”).read()
This is crazy! The solution seems arbitrary but there is logic behind
each attribute chosen in this solution. We will discover why solutions
like this work, and why this functionality exists.
Charles Averill (UTD) Prison Snake February 2022
7. What is CPython?
The official reference implementation of the Python programming
language
Charles Averill (UTD) Prison Snake February 2022
8. What is CPython?
The official reference implementation of the Python programming
language
Written in a combo of C and Python
Charles Averill (UTD) Prison Snake February 2022
9. What is CPython?
The official reference implementation of the Python programming
language
Written in a combo of C and Python
Compiles Python to bytecode (.pyc files) to be interpreted later, so
technically a compiler and interpreter
Charles Averill (UTD) Prison Snake February 2022
10. What is CPython?
The official reference implementation of the Python programming
language
Written in a combo of C and Python
Compiles Python to bytecode (.pyc files) to be interpreted later, so
technically a compiler and interpreter
.pyc files are (mostly) CPython-specific. Other Python compilers
generate other formats (Jython generates .class files, Cython generates
C files that are compiled to binaries, etc)
Charles Averill (UTD) Prison Snake February 2022
11. What is CPython?
The official reference implementation of the Python programming
language
Written in a combo of C and Python
Compiles Python to bytecode (.pyc files) to be interpreted later, so
technically a compiler and interpreter
.pyc files are (mostly) CPython-specific. Other Python compilers
generate other formats (Jython generates .class files, Cython generates
C files that are compiled to binaries, etc)
Defines lots of hooks and handles available from the Python
interpreter to access CPython types and structs and such
Charles Averill (UTD) Prison Snake February 2022
12. What is CPython?
The official reference implementation of the Python programming
language
Written in a combo of C and Python
Compiles Python to bytecode (.pyc files) to be interpreted later, so
technically a compiler and interpreter
.pyc files are (mostly) CPython-specific. Other Python compilers
generate other formats (Jython generates .class files, Cython generates
C files that are compiled to binaries, etc)
Defines lots of hooks and handles available from the Python
interpreter to access CPython types and structs and such
Contains implementations of builtin functions, mostly written in C for
speed
Charles Averill (UTD) Prison Snake February 2022
13. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Charles Averill (UTD) Prison Snake February 2022
14. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
Charles Averill (UTD) Prison Snake February 2022
15. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
Charles Averill (UTD) Prison Snake February 2022
16. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
instance.__class__: The Class an instance belongs to
Charles Averill (UTD) Prison Snake February 2022
17. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
instance.__class__: The Class an instance belongs to
class.__bases__: Tuple containing base classes of an object
Charles Averill (UTD) Prison Snake February 2022
18. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
instance.__class__: The Class an instance belongs to
class.__bases__: Tuple containing base classes of an object
class.__mro__: Tuple containing possible base Classes (usually
contains base Classes and the Class itself)
Charles Averill (UTD) Prison Snake February 2022
19. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
instance.__class__: The Class an instance belongs to
class.__bases__: Tuple containing base classes of an object
class.__mro__: Tuple containing possible base Classes (usually
contains base Classes and the Class itself)
class.__subclasses__(): List containing any subclasses derived
from the Class
Charles Averill (UTD) Prison Snake February 2022
20. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
instance.__class__: The Class an instance belongs to
class.__bases__: Tuple containing base classes of an object
class.__mro__: Tuple containing possible base Classes (usually
contains base Classes and the Class itself)
class.__subclasses__(): List containing any subclasses derived
from the Class
Why should anyone care?
Charles Averill (UTD) Prison Snake February 2022
21. Python Object Characteristics
Files : Linux :: Objects : Python (Everything in Python is an Object)
Objects, Instances, and Classes have the following attributes:
object.__dict__: Dictionary containing writable attributes of an
Object definition
instance.__class__: The Class an instance belongs to
class.__bases__: Tuple containing base classes of an object
class.__mro__: Tuple containing possible base Classes (usually
contains base Classes and the Class itself)
class.__subclasses__(): List containing any subclasses derived
from the Class
Why should anyone care?
These are the building blocks of a PyJail solution, and the
architecture of the language itself. Having a deep understanding of
these attributes will always guide you to the solution.
Charles Averill (UTD) Prison Snake February 2022
22. The Object Class, __globals__
The base Class of all Classes excluding itself (Object has no base
Class)
Charles Averill (UTD) Prison Snake February 2022
23. The Object Class, __globals__
The base Class of all Classes excluding itself (Object has no base
Class)
The Object class has a few defined functions, but they are special
method-wrappers
Charles Averill (UTD) Prison Snake February 2022
24. The Object Class, __globals__
The base Class of all Classes excluding itself (Object has no base
Class)
The Object class has a few defined functions, but they are special
method-wrappers
method-wrapper is a type used by CPython to denote a function
that is compiled with C. This makes sense for a base component of
Python such as Object.
Charles Averill (UTD) Prison Snake February 2022
25. The Object Class, __globals__
The base Class of all Classes excluding itself (Object has no base
Class)
The Object class has a few defined functions, but they are special
method-wrappers
method-wrapper is a type used by CPython to denote a function
that is compiled with C. This makes sense for a base component of
Python such as Object.
Conclusion? We can’t use Object on its own to help us call other
functions
Charles Averill (UTD) Prison Snake February 2022
26. The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Charles Averill (UTD) Prison Snake February 2022
27. The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Object class has all Classes as subclasses
Charles Averill (UTD) Prison Snake February 2022
28. The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Object class has all Classes as subclasses (This terminology makes my
head hurt)
__globals__: Global attributes accessible within any valid Python
scope (hint: methods of classes are valid Python scopes)
Charles Averill (UTD) Prison Snake February 2022
29. The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Object class has all Classes as subclasses (This terminology makes my
head hurt)
__globals__: Global attributes accessible within any valid Python
scope (hint: methods of classes are valid Python scopes)
__builtins__: Functions written in either C or Python that are
built-in to the language, and accessible through the global scope
Charles Averill (UTD) Prison Snake February 2022
30. The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Object class has all Classes as subclasses (This terminology makes my
head hurt)
__globals__: Global attributes accessible within any valid Python
scope (hint: methods of classes are valid Python scopes)
__builtins__: Functions written in either C or Python that are
built-in to the language, and accessible through the global scope
These builtin functions include open() (the simplest way to open a
file)
Charles Averill (UTD) Prison Snake February 2022
31. The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Object class has all Classes as subclasses (This terminology makes my
head hurt)
__globals__: Global attributes accessible within any valid Python
scope (hint: methods of classes are valid Python scopes)
__builtins__: Functions written in either C or Python that are
built-in to the language, and accessible through the global scope
These builtin functions include open() (the simplest way to open a file)
They also include other useful things like __import__() which are
good for PyJails with other restrictions
Charles Averill (UTD) Prison Snake February 2022
32. The Object Class, __globals__
Recall that Classes can utilize __subclasses__() to get a list of
Classes derived from them.
Object class has all Classes as subclasses (This terminology makes my
head hurt)
__globals__: Global attributes accessible within any valid Python
scope (hint: methods of classes are valid Python scopes)
__builtins__: Functions written in either C or Python that are
built-in to the language, and accessible through the global scope
These builtin functions include open() (the simplest way to open a file)
They also include other useful things like __import__() which are
good for PyJails with other restrictions
In my installation of Python 3.10, there are 544 classes with
Python-implemented methods (so they have __globals__ as a derived
attribute)
Charles Averill (UTD) Prison Snake February 2022
34. Solving our PyJail
We looked at this PyJail solution at the beginning:
().__class__.__base__.__subclasses__()[134].__init__.__globals__[”__builtins__”][”open”](”./key”, ”r”).read()
Charles Averill (UTD) Prison Snake February 2022
35. Solving our PyJail
We looked at this PyJail solution at the beginning:
().__class__.__base__.__subclasses__()[134].__init__.__globals__[”__builtins__”][”open”](”./key”, ”r”).read()
Let’s decode this solution
Charles Averill (UTD) Prison Snake February 2022
36. Solving our PyJail
We looked at this PyJail solution at the beginning:
().__class__.__base__.__subclasses__()[134].__init__.__globals__[”__builtins__”][”open”](”./key”, ”r”).read()
Let’s decode this solution
().__class__.__base__: Creates a blank Tuple object, accesses its
class (Tuple) and then Tuple’s sole base class (Object)
Charles Averill (UTD) Prison Snake February 2022
37. Solving our PyJail
We looked at this PyJail solution at the beginning:
().__class__.__base__.__subclasses__()[134].__init__.__globals__[”__builtins__”][”open”](”./key”, ”r”).read()
Let’s decode this solution
().__class__.__base__: Creates a blank Tuple object, accesses its
class (Tuple) and then Tuple’s sole base class (Object)
__subclasses__()[134].__init__.__globals__: Accesses the
134th subclass of the Object class (in my installation, this is the
Printer class), uses its Python-defined __init__ function to access
the global scope
Charles Averill (UTD) Prison Snake February 2022
38. Solving our PyJail
We looked at this PyJail solution at the beginning:
().__class__.__base__.__subclasses__()[134].__init__.__globals__[”__builtins__”][”open”](”./key”, ”r”).read()
Let’s decode this solution
().__class__.__base__: Creates a blank Tuple object, accesses its
class (Tuple) and then Tuple’s sole base class (Object)
__subclasses__()[134].__init__.__globals__: Accesses the
134th subclass of the Object class (in my installation, this is the
Printer class), uses its Python-defined __init__ function to access
the global scope
["__builtins__"]["open"]("./key", "r").read(): Accesses
Python’s list of builtin function headers, calls the open function on a
file called ”key” with the read permissions, and reads its contents
Charles Averill (UTD) Prison Snake February 2022
39. Why does Python work like this?
OOP Junk
Charles Averill (UTD) Prison Snake February 2022
40. Why does Python work like this?
OOP Junk
If you’re calling __subclasses__() or directly referencing
__globals__ your code is probably hard to read and/or vulnerable to
issues with scaling
Charles Averill (UTD) Prison Snake February 2022
41. Why does Python work like this?
OOP Junk
If you’re calling __subclasses__() or directly referencing
__globals__ your code is probably hard to read and/or vulnerable to
issues with scaling
Reflective programming - the ability of objects to modify their behavior
or structure under different contexts (last resort)
Charles Averill (UTD) Prison Snake February 2022
42. Why does Python work like this?
OOP Junk
If you’re calling __subclasses__() or directly referencing
__globals__ your code is probably hard to read and/or vulnerable to
issues with scaling
Reflective programming - the ability of objects to modify their behavior
or structure under different contexts (last resort)
Look at this list of reflection use-cases to see why it shouldn’t be used
very often
Charles Averill (UTD) Prison Snake February 2022
43. Why does Python work like this?
OOP Junk
If you’re calling __subclasses__() or directly referencing
__globals__ your code is probably hard to read and/or vulnerable to
issues with scaling
Reflective programming - the ability of objects to modify their behavior
or structure under different contexts (last resort)
Look at this list of reflection use-cases to see why it shouldn’t be used
very often
Debugging OOP Junk
Charles Averill (UTD) Prison Snake February 2022
44. Sources
Your Guide to the CPython Source Code
CPython Source Code
Common Python Structures
Python Data Model
Python’s Innards
Charles Averill (UTD) Prison Snake February 2022