| #!/bin/bash | |
| # 🚀 Discover More: Testing Your Firewall in 60 Seconds: A Lightweight WAF Testing Script That Anyone Can Use | |
| # Learn how this script works and the best practices for WAF testing. | |
| # Read the full article here: | |
| # 👉 https://medium.com/@kochuraa/testing-your-firewall-in-60-seconds-a-lightweight-waf-testing-script-that-anyone-can-use-a7a725fefcb7 | |
| # Safe WAF Tester Script | |
| # Usage: ./waf-smoke-test.sh <URL> [-o output.md] [-H "Header: Value"] | |
| # Examples: |
This script is designed to assist in identifying pull requests to HuggingFace repositories
that are sourced from the SFConvertbot user.
The SFConvertbot user is part of an automated tool used by HuggingFace to provide safetensor
versions of models. As published by HiddenLayer
this bot can be used by malicious actors to potentially insert malicious content into models.
This tool is a simple script to query all models released by a HuggingFace author, and checks all
| // | |
| // PoC.m | |
| // IOSABugTrigger | |
| // | |
| // Created by Linus Henze on 2023-04-08. | |
| // Copyright © 2023 Pinauten GmbH. Some rights reserved. | |
| // | |
| // | |
| // This is a PoC for CVE-2023-28206, triggering an oob memmove in IosaColorManagerMSR8::getHDRStats_gatedContext |
| - 0a6a1c9a7f80a2a5dcced5c4c0473765.bin | |
| - 0c0195c48b6b8582fa6f6373032118da.bin | |
| - 0d5774527af6e30905317839686b449d.bin | |
| - 045ef7a39288ba1f4b8d6eca43def44f.bin | |
| - 07efb8259b42975d502a058db8a3fd21.bin | |
| - 0898af0888d8f7a9544ef56e5e16354e.bin | |
| - 08c1bce6627764c9f8c79439555c5636.bin | |
| - 09672532194b4bff5e0f7a7d782c7bf2.bin | |
| - 0dff47f3b14fb1c1bad47cc517f0581a.bin | |
| - 0fc2653b1c45f08ca0abd1eb7772e3c0.bin |
| - Threat Modelling / Code Review — | |
| Resources-for-Application-Security | |
| How to prepare for a security engineer interview by Eray Mitrani | |
| Security_Engineer_Interview_Questions by Tad Whitaker | |
| Security Engineer - Interview Questions by Namish |
| loader: | |
| project_id: 3074491541 | |
| domain: dgormiugatox.com | |
| bot: | |
| c2s: | |
| - skaiortalop.com | |
| - ijoyzymama.com | |
| - ertusaporf.com | |
| - elcapolis.com | |
| - lezhidov.cloud |
| function Test-WebAcademy-Labs-Status($sessionCookieValue){ | |
| $storageFile="$env:USERPROFILE\.webacademy-labs-status" | |
| $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession | |
| $cookie = New-Object System.Net.Cookie | |
| $cookie.Name = "SessionId" | |
| $cookie.Value = $sessionCookieValue | |
| $cookie.Domain = ".portswigger.net" | |
| $session.Cookies.Add($cookie); | |
| Write-Host "[i] Status storage file: $storageFile" -ForegroundColor Cyan | |
| Write-Host "[+] Retrieving labs status from PortSwigger labs web page..." -ForegroundColor Yellow |
| from hashlib import md5, sha1 | |
| from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes | |
| from cryptography.hazmat.backends import default_backend | |
| from base64 import b64encode, b64decode | |
| import sys, time | |
| import requests | |
| DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8' | |
| class PanCrypt(): |
Those tips where posted between June and July 2022 on LinkedIn by Roberto Migli.
#IAM tip #1: There are 4 main types of IAM policies: Identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs and Session Policies. Matt Luttrell's blog post will guide you through when and how to use them.
A list of interesting conferences for vulnerability researchers. See also: https://twitter.com/i/lists/1543557448123957249
| Name | Dates | Location | Site |
|---|---|---|---|
| OffensiveCon | 10-11/05/2024 | Berlin, Germany | https://www.offensivecon.org/ |
| t2.fi | 18-19/04/2024 | Helsinki, Finland | https://t2.fi/ |
| Zer0Con | 04-05/04/2024 | Seoul, South Korea | https://zer0con.org |
| Code Blue | 08-09/11/2023 | Tokyo, Japan | https://codeblue.jp/ |
