SEARCH KEYWORD -- Command


  Python Deserialization Attack Introduction: How to Build a Python Pickle Bomb

This article introduces an old and classic unsecured Python data serialization feature (the pickle library) and demonstrates how a red team attacker can exploit it to create a malicious binary or text data file that executes remote code or commands upon deserialization. The following attack flow diagram illustrates this process: We will follow 3 steps with the program code to show how Deserialization Attacks Work:   [ Step1 ] Crafting Malicious Data: An attacker crafts a malicious payloa...

       2024-07-07 03:08:22

  All I Know About Certificates -- Websites

In last article, we know the role of clients and their responsibilities for certificate verification. Finally, let's talk about websites. We've discussed many potential issues between CAs and clients concerning certificates, but the most frequent issue is with websites—many websites have faced this problem: certificate expiration. Websites need to ensure two things: Ensure their certificate does not expire. Protect their private key from being leaked. If someone else obtains the priv...

   CLIENTS,WEBSITES,SSL CERTIFICATE,CERTIFICATE AUTHORITY,CA     2024-07-26 22:33:29

  How to let Google index AJAX contents?

There are lots of websites containing only one page now with the popularity of AJAX. The website will load different contents according to different inputs from users. This approach provides good user experience and it also helps save bandwidth, the drawback is that AJAX contents are not easy to be indexed by search engines. For example, if you have a website: http://example.com Users can see different contents with the appended # structure in the URL: http://example.com#1 http://example.com#2 h...

   AJAX,Search engine,Google,History     2013-07-16 00:47:14

  Understand diff in Unix

diff is an important tool program in Unix. It is used to compare differences of two files, it is the foundation for code version control. If you type : $ diff <file_before_change> <file_after_change> diff will tell you what's the difference between these two files. The result may not be so easy to understand, so now I will show you how to understand diff. 1. 3 formats of diff diff has 3 formats due to historic reasons. normal diff context diff unified diff 2. Demo files For easy d...

   diff,Unix,version control,git     2012-09-03 10:49:36

  Mozilla Firefox Browser Tips & Tricks You Didn't Know About

Chrome might be all the rage right now, but Mozilla’s Firefox browser has always held its own in the browser wars. This open-source browser has its core set of dedicated fans and is popular under a broad user base across the world. With Firefox’s faster web page download speeds and strong privacy policies, it’s not hard to imagine why. But there are some other brilliant features that many might have missed. Take a look at these seven Firefox tricks that many users don’t k...

   NORDPASS,FIREFOX     2020-01-07 09:18:53

  Concise bash programming skills

The following are some concise bash programming skills which we may need in our daily programming work. 1. Check status of command execution The usual way: echo abcdee | grep -q abcd   if [ $? -eq 0 ]; then echo "Found" else echo "Not found" fi Concise way: if echo abcdee | grep -q abc; then echo "Found" else echo "Not found" fi Of course you can remove if...else with following code [Sun Nov 04 05:58 AM] [kodango@devops] ~/workspace $ echo abcdee | grep -q ...

   bash, skill,tip     2012-11-06 10:38:42

  Python SSH Connection Tools

Program Design Purpose: We aim to create a simple Python SSH tool library that facilitates SSH communication, SCP file transfer, and SSH port forwarding through multiple jump hosts in an SSH tunnel chain. The library is designed to provide a simple API for establishing nested SSH tunnel connections through multiple jump hosts with customizable TCP ports. This allows users or their programs to automate SSH tasks such as: Batch processing SSH connection tasks, such as connecting to multiple ser...

       2024-08-30 04:46:05

  About JavaScript source map

Last week jQuery 1.9 was released. This is the last release before jQuery 2.0. It adds many new functions, one of them is the source map. By accessing http://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js , you can scroll to the last line and you will see below line :  //@ sourceMappingURL=jquery.min.map This is source map, it is a separate file and it is put at the same directory as the source file. You can click here and see what it looks like. It's an very useful functio...

   Source map, JavaScript, jQuery     2013-02-01 07:06:44

  Publish Your Go Package on pkg.go.dev

go.dev is a site where various resources for Go developers are shared, such as “Get Started”, Tutorial, Packages (pkg.go.dev), and all the official blogs. Among them, Packages is where I visit most, which allows free access to all the open-source Go packages submitted by communities including the native Golang packages. Thanks to all the contributors, I enjoy the great benefit, and sometimes I want to be a contributor myself. Let’s submit a “complete” package t...

   GO.DEV,PUBLISH PACKAGE,GOLANG     2022-06-12 00:31:20

  Go 1.16 is released

Note: The post is authorized by original author to republish on our site. Original author is Stefanie Lai who is currently a Spotify engineer and lives in Stockholm, original post is published here. Last week, Go1.16 was released, bringing relatively more changes than version 1.15, which was influenced by the epidemic. The update is in many aspects, including compilation, deployment, standard library, etc. In the official Go document, all changes are classified based on Too...

   GOLANG,GO1.16,NEW FEATURES     2021-02-26 21:08:42

RECENT