Internet Engineering Task Force (IETF) K. Davis Request for Comments: 9562 Cisco Systems Obsoletes: 4122 B. Peabody Category: Standards Track Uncloud ISSN: 2070-1721 P. Leach University of Washington May 2024 Universally Unique IDentifiers (UUIDs) Abstract This specification defines UUIDs (Universally Unique IDentifiers) -- also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform Resou
World’s First MIDI Shellcode Jan 2025 · 45 min read I gained remote code execution via MIDI messages to trick my synth into playing Bad Apple on its LCD. This blog post is about my journey with this reverse engineering project. Final iteration of Bad Apple The beginning I’ve had this Yamaha PSR-E433 synth for a very long time, and a couple of years ago I decided to open it up — partly because it w
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
My thoughts on writing a Minecraft server from scratch (in Bash) For the past year or so, I've been thinking about writing a Minecraft server in Bash as a thought excercise. I once tried that before with the Classic protocol (the one from 2009), but I quickly realized there wasn't really a way to properly parse binary data in bash. Take the following code sample: function a() { read -n 2 uwu echo
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s directly involved in the CUPS project said: From a generic security point of view, a whole Linux system as it is nowadays is just an endless and hopeless mess of security holes waiting to be exploited
Reading the excellent article by JeanHeyd Meneide on how broken string encoding in C/C++ is made me realise that Unicode is a topic that is often overlooked by a large number of developers. In my experience, there’s a lot of confusion and wrong expectations on what Unicode is, and what best practices to follow when dealing with strings that may contain characters outside of the ASCII range. This a
Try Mastering Emacs for free! Are you struggling with the basics? Have you mastered movement and editing yet? When you have read Mastering Emacs you will understand Emacs. It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y
In this write-up, I will walk you through an implementation of a string formatting library for C++ I came up with for my video game. The end result came out really compact, at only 65 lines of code—providing a skeleton that can be supplemented with additional functionality at low cost. Usage Given a format buffer… char buffer[64]; String_Buffer buf = {str, sizeof str}; …the fmt::format function pr
Large Text Compression Benchmark Matt Mahoney Last update: July 3, 2025. history This competition ranks lossless data compression programs by the compressed size (including the size of the decompression program) of the first 109 bytes of the XML text dump of the English version of Wikipedia on Mar. 3, 2006. About the test data. The goal of this benchmark is not to find the best overall compressi
This December I once again did the Advent of Code, in Rust. If you are interested, my solutions are on Github. I wanted to highlight one particular solution to the day 2 problem as it is both optimized completely beyond the point of reason yet contains a useful technique. For simplicity we’re only going to do part 1 of the day 2 problem here, but the exact same techniques apply to part 2. We’re go
I find blockchain fascinating because it extends open source software development to open source + state. This seems to be a genuine/exciting innovation in computing paradigms; We don’t just get to share code, we get to share a running computer, and anyone anywhere can use it in an open and permissionless manner. The seeds of this revolution arguably began with Bitcoin, so I became curious to dril
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
This blogpost is the next instalment of my series of hands-on no-boilerplate vulnerability research blogposts, intended for time-travellers in the future who want to do Linux kernel vulnerability research. Specifically, I hope beginners will learn from my VR workflow and the seasoned researchers will learn from my techniques. In this blogpost, I'm discussing a bug I found in nf_tables in the Linux
IDAPythonによる解析の自動化をやってみる 逆アセンブラ,デコンパイラのデファクトスタンダードなツールの一つにIDA Proがある.IDA ProはPythonを使ったスクリプティング機能を提供しており,この機能を使うことでプラグインといった形でIDA自身の機能を拡張したり,面倒な手動解析を自動化することができる.このエントリでは,マルウェア解析を例としてIDAPythonを使った解析工程の一部の自動化をやってみる. シナリオ マルウェア作者は悪意あるコード部分で使用するAPIを動的にインポートすることで,静的解析のハードルを上げようと試みることがある.つまり実行の初期の段階でグローバルな変数にAPIのアドレスを保存しておき,API使用時には関数ポインタとしてこれを呼び出す.こうすることにより静的解析を行う解析者からはcall命令でデータ領域のある値へジャンプするように見え,一見して
Introduction: These Aren’t the JSONs You’re Looking For JSON (JavaScript Object Notation) was designed as a simple, lightweight, and human-readable data interchange format, often positioned as a more accessible alternative to XML. It has become the de facto standard for web APIs and system integration. However, while the specification itself is straightforward, different programming languages and
Workshop: An Introduction to macOS Forensics with Open Source Software
Workshop: An Introduction to macOS Forensics with Open Source Software Japan Security Analyst Conference 2022 株式会社インターネットイニシアティブ 小林 稔 Who am I? 小林 稔 2 • 株式会社インターネットイニシアティブ セキュリティ本部 セキュリティ情報統括室 技術調査、社内インシデントレスポンス • 外部活動 セキュリティキャンプ全国大会講師 2017-2019 Japan Security Analyst Conference Speaker 2018/2020 Black Hat USA 2018 Briefing Speaker • Twitter: @unkn0wnbit はじめに 3 0 本ワークショップの目的 (1/2) ◦本ワークショップでやること ▪
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy
Update 1.89.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Preview Markdown images & videos - Hover over a link to preview images & videos in Markdown. Enha
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
RFC 9562: Universally Unique IDentifiers (UUIDs)
World's First MIDI Shellcode
0.8.0 Release Notes ⚡ The Zig Programming Language
My thoughts on writing a Minecraft server from scratch (in Bash)
0.10.0 Release Notes ⚡ The Zig Programming Language
Attacking UNIX Systems via CUPS, Part I
Unicode is harder than you think · mcilloni's blog
What's New in Emacs 28.1?
A string formatting library in 65 lines of C++
Large Text Compression Benchmark
The World's Smallest Hash Table | orlp.net
A from-scratch tour of Bitcoin in Python
IDAPythonによる解析の自動化をやってみる(静的解析編) - Snoozy
JSON is not JSON Across Languages | Dochia CLI Blog
April 2024 (version 1.89)