Playing the Open Source Game
You've surely read plenty about how simple is good, but what's wrong with easy? The Zig project has a non-profit foundation that needs to be managed, a community to shape, and the actual language to develop. These are all big, complex problems that don't default to a positive outcome without active care. Andrew did an amazing job laying the foundations, from deliberately choosing a non-profit corp
Apple M1/M2シリーズのMac Studioを最大8TBまでアップグレードできるカスタムSSD「Studio Drive」がKickstarterに登場。
このApple M1 Max/Ultraチップ搭載のMac Studio (2022)とM2 Max/Ultraチップ搭載のMac Studio (2023)を最大8TBまでアップグレードできるカスタムSSD「Studio Drive」がクラウドファンディングサイトKickstarterで開発資金を募っています。 This is it, I launch my first Kickstarter project : Studio Drive which is a custom SSD upgrade for MacStudio M1 and M2https://t.co/etAlYCNfQV Prototypes were tested by @dosdude1 a few weeks agohttps://t.co/AsCwuxZIqn pic.twitter.com/BRsPjSKj6
Web scraping is the process of downloading data from a public website. For example, you could scrape ESPN for stats of baseball players and build a model to predict a team’s odds of winning based on their players stats and win rates. Below are a few use-cases for web scraping. Monitoring the prices of your competitors for price matching (competitive pricing). Collecting statistics from various web
This page is a partial list of interactive SQL clients (GUI or otherwise) - that doesn't include reporting engines, ETL data loaders, or visual design tools, just interactive clients that you can type SQL in to and get results from them. This includes web based or desktop apps. If you are looking for language interfaces / drivers, please see List of drivers. Cross-platform GUI Clients Open Source
Nightmare - Nightmare
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. I call it that because it's a lot of people's nightmare to get hit by weaponized 0 days, which these skills directly translate into doing that type of work (plus it's a really cool song). What makes Nightmare different? It's true there are a lot of resources out there to learn binary exploitation
GitHub - taishi-i/awesome-ChatGPT-repositories: A curated list of resources dedicated to open source GitHub repositories related to ChatGPT
awesome-chatgpt-api - Curated list of apps and tools that not only use the new ChatGPT API, but also allow users to configure their own API keys, enabling free and on-demand usage of their own quota. awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better. awesome-chatgpt - Curated list of awesome tools, demos, docs for ChatGPT and GPT-3 awesome-totally-open-chat
Trail of Bits
Hire us for your hardest security problems We don't just fix bugs, we fix software.Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and products. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code. Request a quote Software AssuranceGet a comprehensive understanding of your security landscape and be a
All photos with permission: Emanuele AbrateFor the last couple of years, designer Emanuele Abrate has been demystifying famous logos by reverse-engineering what fonts they used or evolved from. While many famous brands use a proprietary typeface for their logos, Abrate points out that the designers will normally use an existing font as a jumping-off point, and his project, Logofonts, allows viewer
Open Circuits
Open Circuits is a photographic exploration of the beautiful design inside everyday electronics. Its stunning cross-section photography unlocks a hidden world full of elegance, subtle complexity, and wonder. Our phones, computers, and appliances are made of hundreds of internal components, each precisely engineered to perform a certain function, but none intended to actually be seen. Through pains
GitHub - rockbruno/swiftshield: 🔒 Swift Obfuscator that protects iOS apps against reverse engineering attacks.
Don't use this tool for production apps. I gave up on keeping this tool updated because every Swift release breaks SourceKit in a different way. It's probably really broken and is only useful as a way for you to learn more about obfuscation and SourceKit. SwiftShield is a tool that generates random and irreversible encrypted names for your iOS project's types and methods (including third-party lib
Welcome to the blog of Dr. Ken Tindell, CTO of Canis Automotive Labs. This blog is focused on the work Canis is doing on CAN bus and CAN security, but also covers the design of embedded software and hardware for automotive systems and the Yes We Can project at Canis that develops hardware, software and tools for CAN bus: the CANHack toolkit for injecting faults into the CAN protocol, CANPico and C
Entity Framework Core 5 - Pitfalls To Avoid and Ideas to Try | The .NET Tools Blog
IDEs AppCode CLion DataGrip DataSpell Fleet GoLand IntelliJ IDEA PhpStorm PyCharm RustRover Rider RubyMine WebStorm Plugins & Services Big Data Tools Code With Me Quality Assurance JetBrains Platform Scala Toolbox App Writerside JetBrains AI Grazie Team Tools Datalore Space TeamCity Upsource YouTrack Hub Qodana .NET & Visual Studio .NET Tools ReSharper C++ Languages & Frameworks Kotlin Ktor MPS Am
Next-Gen Exploitation: Exploring the PS5 Security Landscape whoami - @SpecterDev - Security researcher with a focus on kernel and platform security - Work on console security as a hobby - Started with PS4 ~5 years ago - Also co-host Dayzerosec podcast/media channel - First time presenter Agenda - Where we were (PS4 exploitation) - Attack surface, mitigations, post-exploitation - Where we are now -
The best industrial research labs throughout history have played a critical role in pioneering much of modern technology. Two modern examples of successful research labs — both founded in the wake of radical advances in the field of artificial intelligence — include DeepMind and OpenAI. Both of them have since pushed the field to new heights. In the last decade, the world of crypto and web3 has li
WebHID を使ってブラウザ上で Joy-Con のジャイロの値を取得する はじめに 第二のドワンゴ Advent Calendar 2019の23日目の記事です。再入社エントリも公開したのでもしよかったら見てください。 Google Chrome 78 で WebHID API が experimental features として追加されたので試しに Joy-Con を接続してみる話です。 Joy-Con は GamePad API を使用することでブラウザ上からボタンやスティックの情報を取得することができるのですが、残念ながらジャイロの取得には対応していません。 WebHID API を使用すれば Joy-Con のすべての機能にアクセスできるので、ブラウザ上でジャイロや IR センサーなどの情報を利用することができるはずです。 WebHID を有効にする WebHID はまだ e
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
Reverse Engineering Dark Souls 3 Networking (#1 - Connection)
The Backstory FromSoftware’s SoulsBorne series are some of my most cherished games. I’ve got a lot of fond memories in these games, mainly participating in jolly cooperations with friends. Being a programmer, I’ve also had somewhat more interest than is probably healthy in how they’ve but together these masterpieces. To that end I spend a lot of time browsing social media related to modding and da
マルウェア解析プロフェッショナルのための資格 GREM合格体験記
NECサイバーセキュリティ戦略本部セキュリティ技術センターの松本です。 本稿ではマルウェア解析に関する国際的な資格であるGREM(GIAC Reverse Engineering Malware)試験について筆者の合格体験を含めてご紹介します。インシデントレスポンス対応やマルウェア解析を始めたばかりの方やそれらの業務に興味のある方を想定して、執筆をしています。 筆者のGREMを受験するきっかけは、インシデントレスポンス対応の業務を円滑に進めるために専門的なトレーニングが必要だったこと、もともとマルウェア解析に興味があり挑戦してみたい分野であったことです。 まず、SANS、GIAC、GREMについて概要をご説明します。 SANSは情報セキュリティ分野に特化した教育専門機関として有名な組織です。SANSは公式サイトでGIAC試験について以下のように記載しています。 「SANS Institut
Apple’s latest line of Macs includes their in-house “M1” system-on-chip, featuring a custom GPU. This poses a problem for those of us in the Asahi Linux project who wish to run Linux on our devices, as this custom Apple GPU has neither public documentation nor open source drivers. Some speculate it might descend from PowerVR GPUs, as used in older iPhones, while others believe the GPU to be comple
Fortinet says hackers exploited critical vulnerability to infect VPN customers
An unknown threat actor abused a critical vulnerability in Fortinet’s FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in an autopsy report on Wednesday. Tracked as CVE-2022-42475, the vulnerability is a heap-based buffer overflow that allows hackers to remotely execute malicious code. It carries a severity rating of 9.
Townscaper's rendering style in WebGL - reindernijhoff.net
I love the rendering style of Townscaper by Oskar Stålberg. Since Townscaper can export your town as a .obj (including three “magic” textures), I thought it would be a nice project to reverse-engineer this style. Townscaper’s rendering style in WebGL Last weekend I finally had time and made a proof-of-concept in WebGL. You can find the demo here: https://projects.reindernijhoff.net/townscaper/. I
MMD-0066-2020 - Linux/Mirai-Fbot - A re-emerged IoT threat
Chapters: [TelnetLoader] [EchoLoader] [Propagation] [NewActor] [Epilogue] Prologue A month ago I wrote about IoT malware for Linux operating system, a Mirai botnet's client variant dubbed as FBOT. The writing [link] was about reverse engineering Linux ELF ARM 32bit to dissect the new encryption that has been used by their January's bot binaries, The threat had been on vacuum state for almost one m
async/await in Swift was introduced with iOS 15, and I would guess that at this point you probably already know how to use it. But have you ever wondered how async/await works internally? Or maybe why it looks and behaves the way it does, or even why was it even introduced in the first place? In typical SwiftRocks fashion, we're going deep into the Swift compiler to answer these and other question
Project Champollion
Welcome to Project Champollion Web Page¶ In this page, I have collected some reverse-engineering results of Rosetta 2. The name "Project Champollion" comes from Jean-François Champollion, who analyzed Rosetta Stone. Reverse-engineering Rosetta 2 part1: Analyzing AOT files and Rosetta 2 runtime Reverse-engineering Rosetta 2 part2: Analyzing other aspects of Rosetta 2 runtime and AOT shared cache fi
Thanks to funding from NLNet and ISRG, the sudo-rs team was able to request an audit from Radically Open Security (ROS). In this post, we'll share the findings of the audit and our response to those findings. ROS performed crystal-box penetration testing on sudo-rs with the goal of verifying that it was not possible to perform privileged actions without proper authentication. The audit was carried
ネコの自動エサやり機を人間用に魔改造した猛者が登場
「自動でキャンディーが出てくるような機械が見つからなかったため、ネコ向けの自動エサやり機を人間が食べられるお菓子が出てくるように改造した」という猛者が現れました。 Reverse Engineering a Cat Feeder to Boost Productivity https://www.sensibledefaults.io/blog/reverse-engineering-cat-feeder/index ネコ用の自動エサやり機を人間のお菓子用に改造したのはジョン・パーティーさん。パーティーさんが改造したのはPETKIT製の以下の自動エサやり機。 Amazon | PETKIT 自動給餌器 色々な種類のフードに適応 タイマー式 スマホ管理 定時定量 手動給餌可 2WAY給電 IOS Android対応 日本語対応アプリ 3L 猫 中小型犬用 (ホワイト) | Petkit |
The Yamaha DX7 synthesizer's clever exponential circuit, reverse-engineered
Computer history, restoring vintage computers, IC reverse engineering, and whatever The Yamaha DX7 synthesizer's clever exponential circuit, reverse-engineered The Yamaha DX7 digital synthesizer was released in 1983 and became extremely popular, defining the sound of 1980s pop music. Because microprocessors weren't fast enough in the early 1980s, the DX7 used two custom digital chips: the EGS "env
Versions 5.6.0 and 5.6.1 of the XZ compression utility and library were shipped with a backdoor that targeted OpenSSH. Andres Freund discovered the backdoor by noticing that failed SSH logins were taking a lot of CPU time while doing some micro-benchmarking, and tracking down the backdoor from there. It was introduced by XZ co-maintainer "Jia Tan" — a probable alias for person or persons unknown.
owasp-mastg-ja
�s�� V
Playing Beat Saber in the browser with body movements using PoseNet & Tensorflow.js
Playing Beat Saber in the browser with body movements using PoseNet & Tensorflow.js I haven't played many VR games because I don't own gears but one that I tried and loved was Beat Saber. If you're not familiar with it, it is this Tron-looking game where you use your controllers to hit "beats" to the rhythm of a song. It's really a lot of fun but it requires you to have either an HTC Vive, an Ocul
5/27に監訳本『マスタリングGhidra』が発売されます! - セキュリティコンサルタントの日誌から
『マスタリングGhidra ―基礎から学ぶリバースエンジニアリング完全マニュアル 単行本』(オライリージャパン)が、5月27日発売されます。 www.oreilly.co.jp 発売に先駆けて見本誌をいただきました! Ghidraとは? Ghidraとは、NSA(米国国家安全保障局)が開発したリバースエンジニアリングソフトウェアであり、2019年に公開され、デファクトスタンダードのツールであるIDA Proにも機能面で同等の豊富さを持っていることから話題になったツールです。 マスタリングGhidraとは? 本書(原題:The Ghidra Book: The Definitive Guide)は、『The IDA Pro Book』の著者であるChris Eagle氏と、コンピュータサイエンスの教授であるKara Nance氏によってかかれた本で、一言でいえばGhidraの全てが記載されて
Or how to play YouTube videos on you SONOS, easy and for free. SONOS is a brand of connected speakers that allow users on the network listen to music that they can choose using the SONOS specific Android / iOS application, or 3d party services with monthly subscription like Deezer / Spotify / YouTube Music from their local network. SONOS has been growing in popularity and user base last years and
For years, the M1 has only supported OpenGL 4.1. That changes today – with our release of full OpenGL® 4.6 and OpenGL® ES 3.2! Install Fedora for the latest M1/M2-series drivers. Already installed? Just dnf upgrade --refresh. Unlike the vendor’s non-conformant 4.1 drivers, our open source Linux drivers are conformant to the latest OpenGL versions, finally promising broad compatibility with modern
Talking with the Moon: Inside Apollo's premodulation processor
Computer history, restoring vintage computers, IC reverse engineering, and whatever The Apollo missions to the Moon required complex hardware to communicate between Earth and the spacecraft, sending radio signals over hundreds of thousands of miles. The premodulation processor was a key component of this system, combining voice, scientific data, TV, and telemetry for transmission to Earth.1 It was
The vast majority of serious malware over the past 30 years has been written in Assembly or compiled languages such as C, C++, and Delphi. However, ever-increasing over the past decade, a large amount of malware has been written in interpreted languages, such as Python. The low barrier to entry, ease of use, rapid development process, and massive library collection has made Python attractive for m
Guide Information Jailbreak your CPAP machine with Airbreak In light of the COVID-19 crisis and resultant shortage of medical equipment, hospitals have developed protocols for using BiPAP (BIlevel Positive Airway Pressure) machines as non-invasive ventilators, the FDA has approved the use of these modified BiPAP devices as ventilators, and several groups are currently working on ventilator designs
Introduction Web scraping or crawling is the process of fetching data from a third-party website by downloading and parsing the HTML code to extract the data you want. "But why don't you use the API for this?" Well, not every website offers an API, and APIs don't always expose every piece of information you need. So, scraping is often the only solution to extract website data. There are many use c
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool | FireEye Inc
We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from several days to several weeks. Bypassing this time-consuming step presented an opportunity for collaboratio
Navigating New Constraints, Requirements, and Capabilities Like almost any question about AI, “How does AI impact software architecture?” has two sides to it: how AI changes the practice of software architecture and how AI changes the things we architect. These questions are coupled; one can’t really be discussed without the other. But to jump to the conclusion, we can say that AI hasn’t had a big
[extrowerk] tells us about a new hacker-friendly device – a $20 LTE modem stick with a quadcore CPU and WiFi, capable of running fully-featured Linux distributions. This discovery hinges on a mountain of work by a Chinese hacker [HandsomeYingYan], who’s figured out this stick runs Android, hacked its bootloader, tweaked a Linux kernel for it and created a Debian distribution for the stick – callin
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
How to Crawl the Web with Scrapy
PostgreSQL Clients - PostgreSQL wiki
These are the fonts behind 30 famous logos
CAN Injection: keyless car theft
Next-Gen Exploitation: Exploring the PS5 Security Landscape
Announcing a16z crypto research - a16z crypto
WebHID を使ってブラウザ上で Joy-Con のジャイロの値を取得する - thiryのブログ
GitHub - geohot/corona: Reverse engineering SARS-CoV-2
Dissecting the Apple M1 GPU, part I
How async/await works internally in Swift
sudo-rs' first security audit - Ferrous Systems
How the XZ backdoor works [LWN.net]
How I hacked SONOS and YouTube the same day
Conformant OpenGL 4.6 on the M1
Python Malware On The Rise
Airbreak: Jailbreak your CPAP machine
Web Scraping without getting blocked
Software Architecture in an AI World
Hackable $20 Modem Combines LTE And Pi Zero W2 Power