Collaborate Disseminate
I am well aware that the best approach is to update any dependency, no matter whether it is a development dependency or a runtime/production dependency.
But from a research prospective, I want to know whether a vulnerability in development… Continue reading Are devDependencies in Node.js exploitable?
Given a binary and looking to abuse LD_PRELOAD (privilege escalation or persistence), what’s a good way to list what functions can be hijacked when running the binary? Are there functions that should (almost) always be good hijacking candi… Continue reading How to see what functions can be hijacked when abusing LD_PRELOAD?
Background
Currently doing some vulnservers on Offensive Security’s Proving Grounds Practice Labs. A vulnserver is a machine configured with vulnerabilities for testing/audit and research purposes.
I came across a machine that had a cronjo… Continue reading SUID Priv Escalation – LD_LIBRARY_PATH versus ldconfig and /etc/ld.so.conf
I’ve found this PHP library for detecting/guessing the language of a given string: https://github.com/patrickschur/language-detection
I would have massive use of this. I would really like to use it.
But I cannot.
All I can think is this:
… Continue reading What to do when you simply cannot trust anyone or anything anymore?
My team is building an android application that is to be released on the Google Play Store and we are trying to use a library in the application that is licensed under the AGPL3.0 License. Are there any security measure recommendations tha… Continue reading Application Library License AGPL3.0 [closed]
MAD Architects wowed us with its initial concept for the Wormhole Library and happily the finished design looks just as out-of-this-world as the renders suggested it would. The project, now officially renamed the Cloudscape of Haikou, is complete and h… Continue reading MAD’s spaceship-like library lands on Chinese coast
High-profile British architecture firm Foster + Partners has completed a new library in the United Arab Emirates (UAE). Designed with the local climate in mind, the glazed building is shaded by a large overhanging roof and screens, and offers respite f… Continue reading Foster + Partners’ library offers a shaded oasis in the UAE
MAD Architects consistently puts out some of the most interesting architecture projects around and the firm’s out-of-this-world Wormhole Library is no exception. The building is now nearing completion and some newly released construction photos offer a… Continue reading MAD Architects’ otherworldly Wormhole Library nears completion
We use Snyk as our open source dependency scanner. We currently scan for vulnerable libraries on every pull request and this causes overhead to our developers. What would be a good open source vulnerability scanning frequency? Should it be… Continue reading What should be a good Open Source dependency scanning frequency?
I need a CSS crusher and it must be made in PHP or be a very trusted stand-alone CLI application. The only thing I can find is this: https://github.com/peteboere/css-crush
It’s not been updated in over a year, and the one "issue"… Continue reading What to do when you simply cannot trust anyone anymore?