Software Engineer, Open Source Developer/Maintainer. Ruby, Crystal, Bash. Sometimes I do infosec stuff. Develops @ronin_rb
PSA: Did you know that itโs **unsafe** to put code diffs into your commit messages?
Like https://github.com/i3/i3/pull/6564 for example
Such diffs will be applied by patch(1) (also git-am(1)) as part of the code change!
This is how a sleep(1) made it into i3 4.25-2 in Debian unstable.
This explainatory video attempting to define EDR vs. MDR vs. XDR vs. SOAR, but ultimately admitting that they all sort of overlap with eachother or have multiple alternative acronyms (ex: MXDR), perfectly illustrates why we need to stop Cyber Security marketing buzzword proliferation. At this rate, by 20230 we'll have 24 different marketing buzzwords for essentially what is AV connected to an IT help desk ticket system.
What ticketing system do Red Teamers generally perfer? How about for knowledge management?
What are people's favorite JavaScript packer/minifier/compiler?
@argv_minus_one yep, that's a very class-based/OOP model imho (read: functions being attached to and operating on data). Go and Rust might as well rename struct to class. /s
Are there any popular exploit payloads that are not Meterpreter, from msfvenom, from PayloadAllTheThings, or from revshells.com?
Good lord Windows C programming is terrible.
In UNIX to convert an error code into text one does:
strerror(errno);
but in Windows...
char buffer[256];
buffer[0] = '\0'; // for some reason
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, 0, GetLastError(), 0, buffer, sizeof(buffer), 0);
@jorge @thelinuxcast unfortunately Gnome (at least on SilverBlue) does not include a default Terminal keyboard shortcut. Had to add one, but then was surprised that gnome-terminal was replaced by ptyxis.
The more I research how certain popular security CLI utilities work/behave, the more amazed I am at how much kruft and bad UX (or CLI-X?) infosec practioners put up with. We need to stop fetishising janky and clunky CLI utilities. Learning and mastering them does not make your a better hacker, they are just slowing you down with bad UX, confusing option names/behavior, and poor documentation. Better things are possible.
@JonathanSalwan full disclosure: I bootstrapped a payload generation tool using some of your curated shellcodes. I only copied the hex escaped strings, sometimes added source comments to the shellcode blob, made sure to link back to the file, and added the author's metadata.
Dumb Question: what is the license of the shellcode in ShellStorm's Shellcodes Database? I cannot find any mention of a license on the website. People have started creating their own git repos to mirror the website's contents, also without any mention of a license or copyright. I feel like this is a big copyright/licensing legal problem waiting to happen.
Also, what if you only copy/paste in the hex bytes from the assembled shellcode into another project? What if you add comments with the assembly source code next to each line of hex bytes? Is that considered "derived work"?
/cc @JonathanSalwan
When we say "struct" we generally are referring to C structs. Now that Go, Rust, etc, implement structs that sort of act like classes, should we start explicitly calling them C structs to differentiate from Go/Rust structs?
Neat project trying to bring some of the language features from Rust to C. Although, I'm not a fan of Rust's overly terse keywords such as fn and impl (was fun or func really too long? why not omit the fn keyword entirely?) Also, if it still allows mixing signed and unsigned integers or arbitrary pointer access (doesn't mention anything about slices), it's still memory unsafe.
Are all of the Unreviewed GitHub Security Advisories missing package and version range information? Yikes, that's not a fun data curating problem.
If you're writing a tiny self-hosted web app for offensive security purposes or for application testing purposes, do you care if the web server/framework checks if there's a Host: header and that it matches the host/IP the HTTP server is listening on? Would you prefer Host: header validation be disabled by default or left on?
Bloody great. NVD is behind CloudFlare and it's now blocking HTTP requests from GitHub Actions.
https://github.com/postmodern/nvd-json_feeds.rb/actions/runs/20915134462/job/60086722826
https://github.com/postmodern/nvd-json_feeds.rb/issues/2
Wrote a custom C++ engine to render raw WAD geometry directly to the DAC.
Pure vector output, 1D occlusion culling, no rasterization tricks.
Running on a MOTU M4.
TIL you can restrict which repositories Copilot can review. The default setting is All Repositories.
@acursedcomrade except example.org isn't very helpful if someone wanted to run the example code, since example.org only has an index page that links to iana.org.
