This document summarizes Spencer McIntyre's presentation on using Python and Meterpreter's Railgun functionality to integrate with and execute code on Apple devices. It discusses how Railgun allows calling native library functions in memory on Windows targets. The presentation demonstrates extending this capability to macOS by using Python ctypes to interface with Objective-C and macOS APIs like Foundation and libobjc, enabling tasks like running AppleScript code directly from memory without writing to disk. Example code is provided and potential issues around memory operations and segmentation faults are addressed.
Facilitating Idiomatic Swift with Objective-CAaron Taylor
Blog Post: https://www.meta.sc/tech/swiftobjc
If you are hitting roadblocks in trying to communicate with Core Foundation and C APIs directly from Swift, just wrap them in a friendly Objective-C class that provides an simple API for the rest of your application to use.
You can write the best, most structured documentation in the world - and your users will still arrive by some other route. This session focuses on the GitHub repos that your documentation references, and how to prepare for these to be the entry point for someone.
Slides from Houston Xamarin C# Developers Group in Houston Texas on December 16th 2013:
PCL Deep Dive: With a single solution in Visual Studio, build native cross-platform apps for iOS, Android, and Windows all in C#. Dive into platform specific code with Service Locators (IoC) an PCL support
Robot Framework for beginners and what is new at 2019Laura Ojala
Slides for 1,5 hours workshop about Robot Framework. Presentation includes: (1) introduction to web site testing using Selenium Webdriver for complete beginners, and (2) what impressed me the most in Robocon 2019 conference.
PHP Conference Japan 2019 Track6-5 Aurimas Niekis - How to Supercharge your PHP Web API
https://phpcon.php.gr.jp/2019/
https://www.youtube.com/watch?v=ZtTvUQCDDTM
Facilitating Idiomatic Swift with Objective-CAaron Taylor
Blog Post: https://www.meta.sc/tech/swiftobjc
If you are hitting roadblocks in trying to communicate with Core Foundation and C APIs directly from Swift, just wrap them in a friendly Objective-C class that provides an simple API for the rest of your application to use.
You can write the best, most structured documentation in the world - and your users will still arrive by some other route. This session focuses on the GitHub repos that your documentation references, and how to prepare for these to be the entry point for someone.
Slides from Houston Xamarin C# Developers Group in Houston Texas on December 16th 2013:
PCL Deep Dive: With a single solution in Visual Studio, build native cross-platform apps for iOS, Android, and Windows all in C#. Dive into platform specific code with Service Locators (IoC) an PCL support
Robot Framework for beginners and what is new at 2019Laura Ojala
Slides for 1,5 hours workshop about Robot Framework. Presentation includes: (1) introduction to web site testing using Selenium Webdriver for complete beginners, and (2) what impressed me the most in Robocon 2019 conference.
PHP Conference Japan 2019 Track6-5 Aurimas Niekis - How to Supercharge your PHP Web API
https://phpcon.php.gr.jp/2019/
https://www.youtube.com/watch?v=ZtTvUQCDDTM
CNIT 127 Ch 16: Fault Injection and 17: The Art of FuzzingSam Bowne
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
LogiLogicless UI prototyping with Node.js | SuperSpeaker@CodeCamp Iasi, 2014Endava
Prototyping modular UI components without the backend logic and focusing more on presentational logic and user experience.
Presentation of an open source tool released as MIT to bootstrap front-end practices without relying on complicated backend environments.
A Modeling Editor and Code Generator for AsyncAPIabgolla
Talk presented at the 1st AsyncAPI conference - https://www.asyncapiconf.com/
Talk summary:
In the new Internet of Things (IoT) era, our everyday objects have evolved in the so-called cyber-physical systems (CPS). The use and deployment of CPS has especially penetrated the industry, giving rise to the Industry 4.0 or Industrial IoT (IIoT). Typically, architectures in IIot environments are distributed and asynchronous, communication being guided by events such as the publication of (and corresponding subscription to) messages.
In this talk, we present AsyncAPI toolkit, our proposal relying on AsyncAPI to automate the design and implementation of these architectures using model-based techniques. AsyncAPI toolkit provides a set of editors and Eclipse-based tools which allow defining JSON-based specifications of message-driven APIs using AsyncAPI. From these specifications, the prototype is able to generate the Java code supporting the creation and serialization of JSON-based message payloads according to the modeled AsyncAPI, including nested JSON objects, as well as the necessary code to publish and subscribe to different topics. The initial prototype that implements this proposal as an open-source project is available at https://github.com/SOM-Research/asyncapi-toolkit
TypeScript for Alfresco and CMIS - Alfresco DevCon 2012 San JoseSteve Reiner
This presentation was given during the second Lightning Talk session at the Alfresco DevCon 2012 in San Jose. This briefly covered some languages that can be translated to JavaScript (TypeScript, Dart, ActionScript, CoffeeScript) and used for developing HTML5/JS web applications and mobile web apps. TypeScript seems to be the best choice. IDEs and editors currently supporting TypeScript were listed.
My plans to support various Alfresco and CMIS things was covered: port CMIS Spaces and FlexSpaces from Flex/AS3 to TypeScript, TypeScript wrappers for AlfJS and CMIS.JS, additional Alfresco and CMIS TypeScript libraries, sample showing a Share dashlet, and a TypeScript definition file for intellisense / compile time type checking for Alfresco WebScripts.
Stealing Chromium: Embedding HTML5 with the Servo Browser Engine (LinuxCon NA...Samsung Open Source Group
Mike Blumenkrantz (Senior Engineer, Samsung Open Source Group), and Lars Bergstrom (Mozilla Research) share their research and implementation of HTML5 within the Servo Browser Engine.
These slides provide an overview of .NET Core and also the changes to ASP.NET Core after the RC2 release. There is also some demos and source code.
This talk was given at the Let's Dev This Roadshow in London, ON on May 26, 2016.
CNIT 127 Ch 16: Fault Injection and 17: The Art of FuzzingSam Bowne
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
LogiLogicless UI prototyping with Node.js | SuperSpeaker@CodeCamp Iasi, 2014Endava
Prototyping modular UI components without the backend logic and focusing more on presentational logic and user experience.
Presentation of an open source tool released as MIT to bootstrap front-end practices without relying on complicated backend environments.
A Modeling Editor and Code Generator for AsyncAPIabgolla
Talk presented at the 1st AsyncAPI conference - https://www.asyncapiconf.com/
Talk summary:
In the new Internet of Things (IoT) era, our everyday objects have evolved in the so-called cyber-physical systems (CPS). The use and deployment of CPS has especially penetrated the industry, giving rise to the Industry 4.0 or Industrial IoT (IIoT). Typically, architectures in IIot environments are distributed and asynchronous, communication being guided by events such as the publication of (and corresponding subscription to) messages.
In this talk, we present AsyncAPI toolkit, our proposal relying on AsyncAPI to automate the design and implementation of these architectures using model-based techniques. AsyncAPI toolkit provides a set of editors and Eclipse-based tools which allow defining JSON-based specifications of message-driven APIs using AsyncAPI. From these specifications, the prototype is able to generate the Java code supporting the creation and serialization of JSON-based message payloads according to the modeled AsyncAPI, including nested JSON objects, as well as the necessary code to publish and subscribe to different topics. The initial prototype that implements this proposal as an open-source project is available at https://github.com/SOM-Research/asyncapi-toolkit
TypeScript for Alfresco and CMIS - Alfresco DevCon 2012 San JoseSteve Reiner
This presentation was given during the second Lightning Talk session at the Alfresco DevCon 2012 in San Jose. This briefly covered some languages that can be translated to JavaScript (TypeScript, Dart, ActionScript, CoffeeScript) and used for developing HTML5/JS web applications and mobile web apps. TypeScript seems to be the best choice. IDEs and editors currently supporting TypeScript were listed.
My plans to support various Alfresco and CMIS things was covered: port CMIS Spaces and FlexSpaces from Flex/AS3 to TypeScript, TypeScript wrappers for AlfJS and CMIS.JS, additional Alfresco and CMIS TypeScript libraries, sample showing a Share dashlet, and a TypeScript definition file for intellisense / compile time type checking for Alfresco WebScripts.
Stealing Chromium: Embedding HTML5 with the Servo Browser Engine (LinuxCon NA...Samsung Open Source Group
Mike Blumenkrantz (Senior Engineer, Samsung Open Source Group), and Lars Bergstrom (Mozilla Research) share their research and implementation of HTML5 within the Servo Browser Engine.
These slides provide an overview of .NET Core and also the changes to ASP.NET Core after the RC2 release. There is also some demos and source code.
This talk was given at the Let's Dev This Roadshow in London, ON on May 26, 2016.
Kotlin is a language from the tool gurus at JetBrains. In 2016, after about six years of development, Kotlin reached version 1.0. In 2017 it won the hearts of developers and became an officially supported language for Android.
Kotlin, like Java, is for more than creating Android applications. It can replace or enhance Java most places it is used today including on AWS. AWS Lambda functions sometimes called Serverless Computing, is a service which lets us developers build web services without worrying about configuring servers.
In this session, we will create a lambda service on AWS using Kotlin. Along the way, we will learn what a makes Kotlin an excellent replacement for Java and how simple it is to construct an AWS Lambda function.
Native App Development for iOS, Android, and Windows with Visual StudioXamarin
With a single solution in Visual Studio, build native cross-platform apps for iOS, Android, and Windows all in C#.
James Montemagno, Developer Evangelist at Xamarin, as he shows you how Xamarin and Visual Studio 2013 give you the best environment for developing native cross-platform apps.
Игорь Фесенко "Direction of C# as a High-Performance Language"Fwdays
There are a lot of upcoming performance changes in .NET. Starting from code generation (JIT, AOT) and optimizations that can be performed by the compiler (inlining, flowgraph & loop analysis, dead code elimination, SIMD, stack allocation and so on). In this talk we will cover some features of C# 7 are going towards making low level optimization.
I will share not only how we can improve performance with the next version of .NET, but how we can do it today using different techniques and tools like Roslyn analyzers, Channels (Push based Streams), System.Slices, System.Buffers and System.Runtime.CompilerServices.Unsafe.
An Open Source Workbench for Prototyping Multimodal Interactions Based on Off...Jean Vanderdonckt
In this paper we present an extensible software workbench for supporting the effective and dynamic prototyping of multimodal interactive systems. We hypothesize the construction of such applications to be based on the assembly of several components, namely various and sometimes interchangeable modalities at the input, fusion-fission components, and also several modalities at the output. Successful realization of advanced interactions can benefit from early prototyping and the iterative implementation of design requires the easy integration, combination, replacement, or upgrade of components. We have designed and implemented a thin integration platform able to manage these key elements, and thus provide the research community a tool to bridge the gap of the current support for multimodal applications implementation. The platform is included within a workbench offering visual editors, non-intrusive tools, components and techniques to assemble various modalities provided in different implementation technologies, while keeping a high level of performance of the integrated system.
Ember.js - introduction
I have searched for Ember ppt in the internet. Got many things but not like structured... So i have just combined and made a new one..
I am just learning and not an expert. Please share your comments, so i can keep up myself..
Build software like a bag of marbles, not a castle of LEGO®Hannes Lowette
If you have ever played with LEGO®, you will know that adding, removing or changing features of a completed castle isn’t as easy as it seems. You will have to deconstruct large parts to get to where you want to be, to build it all up again afterwards. Unfortunately, our software is often built the same way. Wouldn’t it be better if our software behaved like a bag of marbles? So you can just add, remove or replace them at will?
Most of us have taken different approaches to building software: a big monolith, a collection of services, a bus architecture, etc. But whatever your large scale architecture is, at the granular level (a single service or host), you will probably still end up with tightly couple code. Adding functionality means making changes to every layer, service or component involved. It gets even harder if you want to enable or disable features for certain deployments: you’ll need to wrap code in feature flags, write custom DB migration scripts, etc. There has to be a better way!
So what if you think of functionality as loose feature assemblies? We can construct our code in such a way that adding a feature is as simple as adding the assembly to your deployment, and removing it is done by just deleting the file. We would open the door for so many scenarios!
In this talk, I will explain how to tackle the following parts of your application to achieve this goal: WebAPI, Entity Framework, Onion Architecture, IoC and database migrations. And most of all, when you would want to do this. Because… ‘it depends’.
Recent workshop on security code review given at SecTalks Melbourne. The slides contain a link to the vulnerable PHP application to perform the review.
SOLID Programming with Portable Class LibrariesVagif Abilov
Developers often don't pay attention to code portability until they need to target multiple platforms. However, large amount of non-portable code often hints about violation of clean code principles, so it is worth investigating which part of the source code base are platform-specific and for what reasons.
In this session we will give an overview of portable class libraries, show how to extract PCL components from a real-world application and go through typical challenges that are faced when writing portable code. We will present the original tool that analyzes assemblies for portability compliance and can be used as a guard to prevent mixing business logic with infrastructure-specific functionality. Finally we will demonstrate how PCLs help targeting platforms such as Windows Store, Android and iOS.
Escaping the yellow bubble - rewriting Domino using MongoDb and AngularMark Leusink
Slides from my ICON UK 2014 session held on September 13, 2014 at IBM Southbank, London.
The session was an introduction to the MEAN stack (Mongo, Express, Angular and Node).
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
How world-class product teams are winning in the AI era by CEO and Founder, P...
The Python in the Apple
1. The Python in the Apple
BSides Cleveland 2017
Spencer McIntyre
2. Agenda
• About Me
• Python ctypes Review
• Integration with Meterpreter (Railgun)
• Objective-C from Railgun
• Demonstration Time
3. About Me
• Spencer McIntyre
• Work at SecureState
• Research, Development, “Special” Projects
• BSOD-inducer
• Avid open source contributor
• Metasploit among others
• Python enthusiast
5. Why do we care?
• One word: Stealth
• Everything here could be accomplished an “easier” way
• Writing files (often scripts) to disk
• Starting new processes
6. Meterpreter’s Railgun
• Standard API Extension of Metepreter
• Remote FFI (Foreign Function Interface)
• Only available for Windows (prior to
March 2017)
• Facilitates in-memory loading and calling
of native library code from the target
• Used by many Windows post and a few
local exploit modules
• You’ve probably used it without realizing it
7. Meterpreter’s Railgun
• Exposed through four basic Meterpreter API functions
• railgun_api
• Core functionality to load an arbitrary function, call it with defined parameters
and return results
• railgun_api_multi
• Execute multiple calls in a single transaction, offers better speed when used
• railgun_memread
• Read data out of the Meterpreter process, useful when pointers are returned
• railgun_memwrite
• Write data to in the Meterpreter process
8. Python Meterpreter
• First non-Windows implementation of Railgun
• Heavily utilizes ctypes to make all of the native API calls
• memread / memwrite were deceptively difficult
• Linux version backed with process_vm_(read|write)
• ctypes already supported function calls so wrapping that was relatively cross-
platform
• Error code retrieval is the primary difference
• Memory operations on the other hand…
9. OSX Memory Primitives
• Invalid access (read or write) results in
segmentation fault when not done safely
• Segmentation fault = session closed
• Enter the libc’s mach_vm_*
• Accessible via standard ctypes methods
• Graceful failure will help you have a good
time
• Error codes are returned for invalid
addresses and invalid permissions
10. OSX APIs From Railgun
Less Pew Pew more Segmentation fault
11. OSX APIs
• APIs are provided by frameworks
• /System/Library/Frameworks
• Mach-O universal binaries
• Major ones
• Foundation
• Accounts
• Social
• Security
• Loadable by Python’s ctypes
• Not particularly useful, the interfaces exposed are insufficient by themselves
12. libobjc
• Provides the runtime for Objective-C code
• This is accessible via C, ctypes will work as expected
• Allows initialization and usage of Objective-C classes
• Severe lack of documentation
• Apple doesn’t advertise this method
• Internet is full of reasons why it’s a Bad Idea™
• Repetitive API to use Objective-C objects this way
• objc_getClass objc_msgSend sel_registerName
14. Objective-C Object
• Basically chaining calls to objc_msgSend
• id objc_msgSend(id self, SEL op, …);
• Uses the standard CDECL calling convention
• Accepts a variable number of arguments (this is key)
• First parameter is the class instance, (or the class itself when you’re first
creating an instance)
• Second parameter is the “method selector”
• This is a string passed to sel_registerName
• Contains the method name and parameters by name
18. Code is Public
• https://github.com/zeroSteiner/metasploit-framework
• https://github.com/zeroSteiner/metasploit-payloads
• Both branches are pymet-rg-osx
19. Further Reading & Resources
• How Meterpreter’s Railgun works
• https://community.rapid7.com/community/metasploit/blog/2017/05/18/recen
t-python-meterpreter-improvements
• https://warroom.securestate.com/inner-workings-railgun/