@caoya171193579
caoya171193579 / 信息安全中常用术语介绍
Created December 18, 2018 15:18
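Some related security terms, such as VUL, CVE, Exp, PoC, etc.
After a major security incident, we often see security terms such as VUL, CVE, Exp and PoC in the related news or documents. Today we will get a basic understanding of what these common terms mean and what they are used for, so that we no longer confuse them.
What is VUL
VUL is short for Vulnerability and refers to vulnerabilities in general.
What are 0day vulnerabilities and 0day attacks
A 0day vulnerability, also called a zero-day vulnerability ("zero-day"), is a vulnerability that has already been discovered (possibly not yet publicly disclosed) but for which the vendor has not yet released a patch. Put simply, nobody other than the discoverer knows the vulnerability exists, and it can be exploited effectively, so attacks launched with it tend to be very sudden and destructive.
A zero-day attack ("zero-day attack") is an attack that exploits such a vulnerability; the person who provides the vulnerability details or the exploit program is usually the discoverer of the vulnerability. Exploit programs for zero-day vulnerabilities pose a huge threat to network security, so zero-day vulnerabilities are not only a favorite of hackers; how many zero-day vulnerabilities someone holds has also become an important measure of a hacker's technical skill.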
@styblope
styblope / docker-api-port.md
Last active May 7, 2024 09:52
Enable TCP port 2375 for external connection to Docker

See this issue.
Docker best practice: Control and configure Docker with systemd.

  1. Create daemon.json file in /etc/docker:

     {"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
    
@rgreenjr
rgreenjr / postgres_queries_and_commands.sql
Last active May 7, 2024 09:51
Useful PostgreSQL Queries and Commands
-- show running queries (pre 9.2)
SELECT procpid, age(clock_timestamp(), query_start), usename, current_query
FROM pg_stat_activity
WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%'
ORDER BY query_start desc;
-- show running queries (9.2)
SELECT pid, age(clock_timestamp(), query_start), usename, query
FROM pg_stat_activity
WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%'
@demech
demech / imx7d-512mb-ram.md
Last active May 7, 2024 09:50
Configure iMX7D to support 512MB DRAM

The iMX7D reference design has two 512MB of RAM for a total of 1GB (math). With RAM costs on the cheap, it is likely that your custom embedded platforms with the iMX7D will also have 1GB of RAM. But what happens when you are trying to cut costs, or just not over-engineer, and go with a single 512MB?

There are some tutorials online, but I couldn't find one that included all the changes that need to be made. So here I am.

There are some things to know before going further. I was using Das U-boot for my bootloader, and working with a Linux kernel new enough to have DTS files (I think that happened in 3.7 for ARM architecture).

U-boot

We'll start in u-boot and go up from there. The iMX7D DCD (Device Configuration Data) file is located in the board directory as imximage.cfg. There are 5 values that need to be changed: the Master Register and Address Map Registers 0/1/5/6. Search the iMX7D Reference Manual for more information on each of the registers.

-DATA 4 0x307a0000 0x01040001

@liquidx
liquidx / imx7-README.md
Last active May 7, 2024 09:49
Reflashing a TechNexion PICO-PI-IMX7

By: Alastair Tse @liquidx

Updated: 2021-12-05

This is a guide for installing Linux on a TechNexion NXP IMX7 board. This is a board that was part of the Android Things Starter Kit (now discontinued).

There are some dead ends in this guide where I got to a point where I failed. I'm documenting this so that it can help anyone else who is trying the same thing.

Before starting, there are a few useful sources of information:

@roylee0704
roylee0704 / dockergrep.sh
Created December 9, 2016 08:24
how to grep docker log
docker logs nginx 2>&1 | grep "127."
# ref: http://stackoverflow.com/questions/34724980/finding-a-string-in-docker-logs-of-container
@borispoehland
borispoehland / effects.ts
Last active May 7, 2024 09:48
3 fetch effects for effect-ts. One uses cache: no-store, one cache: force-cache and one uses the default cache / revalidate
import * as S from '@effect/schema/Schema'
import { Context, Effect } from 'effect'
export interface IFetcher {
fetch: typeof fetch
}
export const TFetcher = Context.Tag<IFetcher>('IFetcher')
class FreshFetcher implements IFetcher {

Your First Format String Attacks.

1. What's the `Format String Bugs'?

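 Format String Bugs (hereafter FSB) are bugs in which the user can freely place format specifiers in functions that handle format strings, such as the printf family (sprintf(), fprintf() and so on) and syslog(). Attack techniques that exploit this are called Format String Attacks, and such an attack makes it possible to read and write arbitrary memory that the target process can access. It can also be used to take over control of the program.
 This vulnerability can hardly be said to be common in real programs, but it is occasionally found. In CVE-2012-0809[1], an FSB was found in the debug feature of sudo, and a local exploit was actually published. As noted above it is rare, but because it is very powerful, allowing arbitrary memory to be rewritten among other things, it is often used as a subject in CTFs.
 For this article, the following environment was used to verify FSBs.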

sh-4.3$ uname -a
Linux Arch_Laptop 4.0.4-1-ARCH #1 SMP PREEMPT Mon May 18 06:43:19 CEST 2015 x86_64 GNU/Linux
@dwilliamson
dwilliamson / MarchingCubes.js
Last active May 7, 2024 09:46
Marching Cubes Lookup Tables
//
// Lookup Tables for Marching Cubes
//
// These tables differ from the original paper (Marching Cubes: A High Resolution 3D Surface Construction Algorithm)
//
// The co-ordinate system has the more convenient properties:
//
// i = cube index [0, 7]
// x = (i & 1) >> 0
// y = (i & 2) >> 1
@bugcy013
bugcy013 / NSE_Reports_link.txt
Last active May 7, 2024 09:46
NSE Reports link