- Fuzzing finds bugs by feeding malformed or semi-malformed data into a program.
- This unexpected input can hopefully find bugs before they are found by attackers.
- coverage guided or not
- problems coverage guided and postgres
require "fileutils"
require "tmpdir"
class PGCoreDump
  attr_reader :file, :term, :bt, :query, :basename, :sha256
  def initialize(file, basename)
    @basename = basename
    @file = file
  end
mkdir /asa
cd /asa
curl -L https://github.com/microsoft/AttackSurfaceAnalyzer/releases/download/v2.0.154%2B303aa9fef5/AsaCli-linux-2.0.154.tar.gz -o asa.tgz
tar xvf asa.tgz
cd AsaCli-linux-2.0.154
./AsaLaunch.sh collect -a
# Now
irb(main):020:0> Benchmark.measure { User.all.group_by { |u| u.org }; nil }
=> #<Benchmark::Tms:0x005609082d33b0 @label="", @real=3.7103141639381647, @cstime=0.0, @cutime=0.0, @stime=0.18999999999999995, @utime=1.5, @total=1.69>
# eager loading orgs
irb(main):022:0> Benchmark.measure { User.eager(:org).all.group_by { |u| u.org }; nil }
=> #<Benchmark::Tms:0x0056090a1ccfa0 @label="", @real=1.3611143808811903, @cstime=0.0, @cutime=0.0, @stime=0.040000000000000036, @utime=1.1799999999999997, @total=1.2199999999999998>
# eager loading orgs, not finding deleted users, and only getting needed columns
// copied from https://github.com/gkaindl/meltdown-poc/blob/master/meltdown.c
// flush_reload from https://github.com/defuse/flush-reload-attacks
// TSX from https://github.com/andikleen/tsx-tools
// dump_hex from https://gist.github.com/ccbrown/9722406
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <pthread.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
require "pg"
require "time"
PG_EPOCH = Time.gm(2000,1,1).to_i
conn = PG.connect
tm = PG::TypeMapByOid.new
tm.add_coder PG::BinaryDecoder::Integer.new(oid: 1184)
conn.type_map_for_results = tm
def parse_text(r)
SameSite=strict cookies are another layer to help prevent CSRF attacks in newer browsers
(at least 5, no clue about earlier versions)
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@
# I wanted to make InsecureRandom.uuid to speed up specs, but
require 'securerandom'
require 'benchmark/ips'
Benchmark.ips do |x|
  x.report("sec") { SecureRandom.random_bytes(16) }
  x.report("rand") { Random::DEFAULT.bytes(16) }
end if ARGV[0] == '1'
Ideas are cheap. Make a prototype, sketch a CLI session, draw a wireframe. Discuss around concrete examples, not hand-waving abstractions. Don't say you did something, provide a URL that proves it.
Nothing is real until it's being used by a real user. This doesn't mean you make a prototype in the morning and blog about it in the evening. It means you find one person you believe your product will help and try to get them to use it.