SEARCH KEYWORD -- Object


  Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb

This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work:   [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...

       2024-07-07 03:08:22

  The Go Pointer Magic

Go is a language with the pointer type, by which we can Pass pointer into a function and update value in-place. Add methods to a struct as (* T) A, which is different from (T) A(). However, the pointer is type-safe in Go, meaning that there are such restrictions of the pointer. Different types of pointers are unconvertible. Pointer type cannot be used for calculation. Pointer types cannot be compared, either == nor !=. No mutual assignment between different pointer-...

   GOLANG,POINTER,UNSAFE     2021-10-03 02:18:57

  About .NET memory leak--GC,Delegate and weak reference

Memory leak is always a headache for many programmers, the situation is much better now in some languages which have GC mechanism, but still we may face some memory leak issues when we write programs. 1. What is memory leak? Memory leak is not that the memory chip is broken. In short, it's about that the memory requested is not released at the expected time as an expect way. So what is the expected time? This is very important for you to understand memory leak. If the time an object taking the m...

   .NET,GC,Reference counting,Mark and sweep,Weak reference     2013-05-25 12:59:09

  Python SSH Connection Tools

Program Design Purpose: We aim to create a simple Python SSH tool library that facilitates SSH communication, SCP file transfer, and SSH port forwarding through multiple jump hosts in an SSH tunnel chain. The library is designed to provide a simple API for establishing nested SSH tunnel connections through multiple jump hosts with customizable TCP ports. This allows users or their programs to automate SSH tasks such as: Batch processing SSH connection tasks, such as connecting to multiple ser...

       2024-08-30 04:46:05

  What have been Facebook’s greatest technical accomplishments?

To maintain a large website which gets billions of requests er day and keeps very fast response speed is not an easy task. Many big companies are trying best to improve user experience by adopting different techniques. There is a question on Quora which asks "What have been Facebook’s greatest technical accomplishments?". There is a person who worked in Facebook before provided an answer which helps us understanding how Facebook handles huge amount of traffic each day. Here is the answer f...

   Facebook, Design, Efficiency     2013-01-15 07:32:07

  Simplify Cloud Data Security: A Deep Dive Into Protecting Sensitive Data in Java

Featuring encryption, anonymization, hashing, and access control Network security incidents occur now and then, mostly caused by data leakage. Data security has aroused widespread concern, and the community keeps working hard on approaches to simplify data security, especially in sensitive data protection. Sensitive data includes but is not limited to personally identifiable information (PII) like names, ID numbers, passport numbers, driver’s license numbers, contact information like addre...

   JAVA,SECURITY,ENCRYPTION,DECRYPTION,TOKENIZATION     2023-04-28 21:22:10

  Is Java Set ordered or not?

“Is Java Set ordered or not? ” is the most popular question asked when you interview for a Java Developer position. Many fail to answer it, and I have to admit I was one of the many. I have known the answer is “Yes and No” for a long time. No. HashSet is not ordered. Yes.TreeSet is ordered. If the interviewer continues with some follow up questions, I’m not confident that I know the answer then. Why is TreeSet ordered? Are there any other ordered S...

   ORDER,SORTEDSET,HASHSET,JAVA     2021-02-11 06:55:00

  Hello, Kernel!

When we learn module programming, the first small program must be hello, kernel!. For a novice, how do we avoid some mistakes and how to fix the bugs we have when writing the first module program? Is there any example we can refer to? Here is one example. 1. Write the hello.c 01 #include <linux/init.h> 02 #include <linux/module.h> 03 #include <linux/kernel.h> 04 //Compulsory 05 //Module lincese declaration 06 MODULE_LICENSE("GPL"); ...

   module,kernel,Linux     2013-05-03 03:33:52

  One thought about JavaScript exception handle

Due to network, browser and cache issues, the JS executed in production may produce different results from the testing environments. Sometimes they may produce exceptions. Front-end developers may encounter this kind of exceptions frequently. But how to log and use them is seldomly considered by them. Actually, exception handling includes two steps : log and use. 1. Log Regarding to log error, this is relatively convenient, since in each browser, there is one interface called window.onerror. win...

   JaavScript,Log,Exception,Email     2013-03-18 12:50:21

  Go是一门面向对象的编程语言吗

Golang已经开源了13年,在最近的TIOBE编程语言排名中,于2023年3月再次进入前十名,并比2022年底的排名上升了两个位置。 Go在2022年底提高了2个排名 许多第一次接触Go的开发者来自面向对象的编程语言,比如Java、Ruby等,他们在学习Go后第一个问题通常是:Go是一种面向对象的语言吗?在本文中,我们将探讨这个问题。 追溯 在广为人知的Go编程语言“圣经”《The Go Programming ...

   OOP,CHINESE,GOLANG,GO     2023-05-02 23:41:38

RECENT