| name | description |
|---|---|
Logging Best Practices |
Use before implementing logs in a medium to large scale production system. |
This skill is adpated from "Logging sucks. And here's how to make it better. by Boris Tane.
When helping with logging, observability, or debugging strategies, follow these principles:
| #!/bin/sh | |
| print_usage() { | |
| echo "usage: compress_video <input_file>" | |
| echo "supported formats: mp4, webm, mkv, mov, avi, flv" | |
| } | |
| get_extension() { | |
| f="${1##*/}" | |
| case "$f" in |
| id: suspicious-extensions-rce | |
| info: | |
| name: Suspicious File Extensions - Potential RCE | |
| author: Nullenc0de | |
| severity: medium | |
| description: Detects files with potentially suspicious extensions that could be used for Remote Code Execution (RCE). Scan your AppData folder. | |
| file: | |
| - extensions: |
| javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\%27|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\%60))/g,jsRegex=/(?<=(\"|\'|\%60))(?:\/|https?:\/\/)[a-zA-Z0-9_?&=\/\-\#\.]+\.js(?:\?[^"'%60]*)?(?=(\"|\'|\%60))/g;const results=new Set;const paramMap=new Map();const jsFiles=new Set();function processContent(t,src){var e=t.matchAll(regex);for(let r of e){results.add(r[0]);var params=r[0].split('?')[1];if(params){params.split('&').forEach(param=>{var [key,]=param.split('=');if(key){if(!paramMap.has(key)){paramMap.set(key,[]);}paramMap.get(key).push(src||'Inline script or HTML');}});}}var j=t.matchAll(jsRegex);for(let r of j){jsFiles.add(r[0]);}}for(var i=0;i<scripts.length;i++){var t=scripts[i].src;if(t){jsFiles.add(t);fetch(t).then(function(t){return t.text()}).then(text=>processContent(text,t)).catch(function(t){console.log("An error occurred: ",t)});}else{processContent(scripts[i].textContent);}}var pageContent=document.documentElement.outerHTML;processContent(pageContent |
| XZ Backdoor symbol deobfuscation. Updated as i make progress |
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
Some notes, tools, and techniques for reverse engineering Golang binaries.
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <vector> | |
| RECT gUsableAreaCoords = {0}; | |
| RECT gCurrentPos = {0}; | |
| INT gVelocityX = 5; | |
| INT gVelocityY = 5; | |
| DWORD gLast = 0; |
Note: I have moved this list to a proper repository. I'll leave this gist up, but it won't be updated. To submit an idea, open a PR on the repo.
Note that I have not tried all of these personally, and cannot and do not vouch for all of the tools listed here. In most cases, the descriptions here are copied directly from their code repos. Some may have been abandoned. Investigate before installing/using.
The ones I use regularly include: bat, dust, fd, fend, hyperfine, miniserve, ripgrep, just, cargo-audit and cargo-wipe.
