| Enum.each(Process.list, fn pid -> | |
| case Process.info(pid)[:dictionary] do | |
| [_, "$initial_call": {:supervisor, DBConnection.ConnectionPool.Pool, _}] -> | |
| state = :sys.get_state(pid, 5000) | |
| case elem(state, 11) do | |
| {pid, _, Postgrex.Protocol, opts} -> | |
| if opts[:hostname] == "db.REDACTED.supabase.co" do | |
| IO.inspect({pid, state}) | |
| end | |
| _ -> nil |
This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.
Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.
| defmodule Attack.Worker do | |
| use GenServer | |
| require Logger | |
| def start_link(init_args) do | |
| GenServer.start_link(__MODULE__, [init_args]) | |
| end | |
| def init(_args) do |
| defmodule Mix.Tasks.ConvertToVerifiedRoutes do | |
| @shortdoc "Fix routes" | |
| use Mix.Task | |
| @regex ~r/(Routes\.)(.*)_(path|url)\(.*?\)/ | |
| @web_module MyAppWeb | |
| def run(_) do | |
| Path.wildcard("lib/**/*.*ex") |
| #!/usr/bin/env python3 | |
| import argparse | |
| import sys | |
| import mmap | |
| import logging | |
| from collections import defaultdict |
I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.
The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.
I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o
Deploying a Phoenix app to Fly.io is a breeze...is what everyone kept telling me. In fairness, I imagine the process would have been breezier had I just used postgres, but all the sqlite and litestream talk has been far too intriguing to ignore. "Wait", you say. "It is just a flat file. How much harder can it be?"
It is easy to make something harder than it should be. It is hard to take something complex and make it truly simple. flyctl launch does an amazing job at providing a simple interface to the utterly complex task of generating deployment resources, especially now that we are living in a containerd (erm, firecracker) world.
This gist is for anyone who, like me, thinks they know better than to read all of the documentation and therefore necessari
| #! /usr/bin/env python3 | |
| ''' | |
| Needs Requests (pip3 install requests) | |
| Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
| License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
| This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
| package main | |
| import ( | |
| "fmt" | |
| "os" | |
| "path/filepath" | |
| "strings" | |
| "crypto/sha256" |
