Is there a secure way to run a bat file from a Java program without command injection vulnerability?

Since using Runtime.exec() and ProcessBuilder trigger command injection vulnerability in static analyzing tools, is there any other recommended secure way to execute a bat file from a Java program?

Java code:

Runtime.getRu…

Use BlueBorne to get arbitrary code execution on locked-down Android system from 2016

So here’s the story. I have this smart watch, the Olio Model One. I would like to install Asteroid OS onto this watch, and in order to do that I have to get root code execution (the objective of this question).

The Olio, bes…

Is there any way to estimate the safety of arbitrary binaries, which are usually released with unofficial patches?

Frequent scenario:

An old game is released on GOG / Steam.
It proves to be incompatible with new Windows systems. (Crashes, game breaking bugs, fps of 0.5 and the likes)
An unofficial patch is released by the fanbase, eithe…

How can I disable execution of programs from Downloads directory in Windows 10?

I run Windows 10 and would like the contents of my system default “Downloads” folder to be non-executable. I want at least for a landing zone where I can scan files, run hash checks, and so on. You know what I’m getting at –…

Bash: Why would sourcing a file be less safe than bashing it (executing in another session)?

Is it the case, or I completely misunderstood?

I’ve heard in the context of sourcing a sub-script from a master-script. For ex…

How to respond when network info sec check requires run of downloaded unknown .exe?

I recently visited a university for an event where I was expected to bring a computer and do work using the campus wifi. On first connection, I was asked to download a “SafeConnect Policy Key” (.exe) which, according to its …