Facebook engineering is at it again! Yesterday, Pysa was released, a static analyzer that detects common security issues based on dataflow in Python code. https://engineering.fb.com/security/pysa/
Recently, I was looking for something simple for the more “corporate”-y side of web things. I tried some PHP-based CMSes. For looks and simplicity I decided to focus on one of the lesser-known ones (i.e. not the workhorse that Drupal is). At first, I tried to set up SSL traffic between a managed MySQL… Continue reading One flew over the CMS nest
These days, I have access to a Windows 10 laptop, as opposed to my usual set of tools. One feature of Windows 10 that I really like is Windows Subsystem for Linux, or WSL for short. In case you have not followed the developments, it is a way to run native Linux executables under Windows,… Continue reading Running Binary Ninja under WSL
(General Surgeon’s warning: The following post contains doses of paranoia which might exceed your recommended daily dosage. Fnord!). A lot of the data sanitisation literature advises overwriting partitions with random data (btw, SANS Institute research claims that even a pass with /dev/zero is enough to stop MFM but YPMV). So leaving Gutmann-like techniques aside,… Continue reading P For Paranoia OR a quick way of overwriting a partition with random-like data
Hello all, in the finest programming tradition, I take it that every time one took a programming course or decided to have a quick look into a programming language, writing a “Hello World” program was one of the first things done. However, even in such a small program, do you really know what it does… Continue reading Hello world demystified
MJC brought to my attention the following piece of code which attempts to provide some empirical data comparing the use of threads vs processes in CPython. This code, which I understand is stored for historical purposes, has some bugs, which I have pointed out in the comment section, but this is not the… Continue reading CPython threading vs multiprocessing – the 5 minute introduction
RUN, do not walk but RUN to http://paranoia.dubfire.net/2010/03/new-paper.html and download “Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL”. I will do some further research and keep you updated!