お近づきになりたい人向けシリーズです。 いろいろなトピックを詰め込みましたが、「これら全部を知らないといけない」のようなつもりではなく、いろいろなことを知るきっかけになったらいいなという気持ちなので、あまり身構えずにちょっとずつ読んでもらえたらうれしい気がします。 まえがき 予備知識 規格 用語 精度という語について 記法 表現について 有限値の表現について エンコードについて 丸めについて よくある誤差や勘違いの例 0.1 = 1 / 10? 0.1 + 0.2 = 0.3? 整数の誤差 Rump’s Example 基本的な誤差評価 用語に関して 実数の丸め 有理数の丸め 基本演算の丸め 差について 複数回の演算 補題たち 桁落ちについて Re: Rump’s example 融合積和 数学関数に関する式の計算 誤差の削減に関して 総和計算 数学関数の精度について 比較演算について 雑
World’s First MIDI Shellcode Jan 2025 · 45 min read I gained remote code execution via MIDI messages to trick my synth into playing Bad Apple on its LCD. This blog post is about my journey with this reverse engineering project. Final iteration of Bad Apple The beginning I’ve had this Yamaha PSR-E433 synth for a very long time, and a couple of years ago I decided to open it up — partly because it w
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
My thoughts on writing a Minecraft server from scratch (in Bash) For the past year or so, I've been thinking about writing a Minecraft server in Bash as a thought excercise. I once tried that before with the Classic protocol (the one from 2009), but I quickly realized there wasn't really a way to properly parse binary data in bash. Take the following code sample: function a() { read -n 2 uwu echo
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s directly involved in the CUPS project said: From a generic security point of view, a whole Linux system as it is nowadays is just an endless and hopeless mess of security holes waiting to be exploited
Reading the excellent article by JeanHeyd Meneide on how broken string encoding in C/C++ is made me realise that Unicode is a topic that is often overlooked by a large number of developers. In my experience, there’s a lot of confusion and wrong expectations on what Unicode is, and what best practices to follow when dealing with strings that may contain characters outside of the ASCII range. This a
In this write-up, I will walk you through an implementation of a string formatting library for C++ I came up with for my video game. The end result came out really compact, at only 65 lines of code—providing a skeleton that can be supplemented with additional functionality at low cost. Usage Given a format buffer… char buffer[64]; String_Buffer buf = {str, sizeof str}; …the fmt::format function pr
Large Text Compression Benchmark Matt Mahoney Last update: July 3, 2025. history This competition ranks lossless data compression programs by the compressed size (including the size of the decompression program) of the first 109 bytes of the XML text dump of the English version of Wikipedia on Mar. 3, 2006. About the test data. The goal of this benchmark is not to find the best overall compressi
I find blockchain fascinating because it extends open source software development to open source + state. This seems to be a genuine/exciting innovation in computing paradigms; We don’t just get to share code, we get to share a running computer, and anyone anywhere can use it in an open and permissionless manner. The seeds of this revolution arguably began with Bitcoin, so I became curious to dril
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
This blogpost is the next instalment of my series of hands-on no-boilerplate vulnerability research blogposts, intended for time-travellers in the future who want to do Linux kernel vulnerability research. Specifically, I hope beginners will learn from my VR workflow and the seasoned researchers will learn from my techniques. In this blogpost, I'm discussing a bug I found in nf_tables in the Linux
IDAPythonによる解析の自動化をやってみる 逆アセンブラ,デコンパイラのデファクトスタンダードなツールの一つにIDA Proがある.IDA ProはPythonを使ったスクリプティング機能を提供しており,この機能を使うことでプラグインといった形でIDA自身の機能を拡張したり,面倒な手動解析を自動化することができる.このエントリでは,マルウェア解析を例としてIDAPythonを使った解析工程の一部の自動化をやってみる. シナリオ マルウェア作者は悪意あるコード部分で使用するAPIを動的にインポートすることで,静的解析のハードルを上げようと試みることがある.つまり実行の初期の段階でグローバルな変数にAPIのアドレスを保存しておき,API使用時には関数ポインタとしてこれを呼び出す.こうすることにより静的解析を行う解析者からはcall命令でデータ領域のある値へジャンプするように見え,一見して
Rust vs C++ Formatting
In Rust, if I want to print some 32-bit unsigned value in hex, with the leading 0x, padded out with zeros, I would write that as: println!("{:#010x}", value); In C++23, if I want to do the same, that’s: std::println("{:#010x}", value); The only difference is the spelling of the name of the thing we’re calling (which is a function template in C++ and a macro in Rust) - otherwise, identical. Neverth
Introduction: These Aren’t the JSONs You’re Looking For JSON (JavaScript Object Notation) was designed as a simple, lightweight, and human-readable data interchange format, often positioned as a more accessible alternative to XML. It has become the de facto standard for web APIs and system integration. However, while the specification itself is straightforward, different programming languages and
OffSec社のEXP-301コースを受講し、OSED試験に合格できました。コースや試験の概要、これから取り組む方へのアドバイス、備忘録等の記事です。 なお、レポート作成方法はPEN-200-2022受講記 & OSCP合格記の時とほぼ同じです。よろしければそちらの記事もご参照ください。 分かる人向けの結果概要 EXP-301コースとは サポート関係 IDAの逆コンパイル機能は使えないので注意 Lab環境のWinDbgバージョンが古くて一部辛い 私の事前知識 EXP-301コース受講記 OSED試験受験記 OSED試験の申込み 試験の準備 OSED試験本番 合格通知 感想 おまけ: 検証用コードの紹介 bad Characters確認用コード ROPチェーン構築用クラス 分かる人向けの結果概要 EXP-301コース関連に合計210時間ほど取り組みました。 ExerciseやExtra Mi
Workshop: An Introduction to macOS Forensics with Open Source Software
Workshop: An Introduction to macOS Forensics with Open Source Software Japan Security Analyst Conference 2022 株式会社インターネットイニシアティブ 小林 稔 Who am I? 小林 稔 2 • 株式会社インターネットイニシアティブ セキュリティ本部 セキュリティ情報統括室 技術調査、社内インシデントレスポンス • 外部活動 セキュリティキャンプ全国大会講師 2017-2019 Japan Security Analyst Conference Speaker 2018/2020 Black Hat USA 2018 Briefing Speaker • Twitter: @unkn0wnbit はじめに 3 0 本ワークショップの目的 (1/2) ◦本ワークショップでやること ▪
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
浮動小数点型の算術とお近づきになりたい人向けの記事 - えびちゃんの日記
World's First MIDI Shellcode
0.8.0 Release Notes ⚡ The Zig Programming Language
My thoughts on writing a Minecraft server from scratch (in Bash)
0.10.0 Release Notes ⚡ The Zig Programming Language
Attacking UNIX Systems via CUPS, Part I
Unicode is harder than you think · mcilloni's blog
A string formatting library in 65 lines of C++
Large Text Compression Benchmark
A from-scratch tour of Bitcoin in Python
IDAPythonによる解析の自動化をやってみる(静的解析編) - Snoozy
JSON is not JSON Across Languages | Dochia CLI Blog
EXP-301受講記 & OSED合格記 - プログラム系統備忘録ブログ