Yeuk Hon Wong yeukhon

  • TikTok USDS / ByteDance
  • New York, NY
@yeukhon
yeukhon / security-to.md
Last active August 29, 2015 14:03
Security TODO

XSS escape effectiveness in popular template render engine

In the Python ecosystem, there are three popular template render engines: Django's built-in template engine, Jinja2 and Mako.

How good are these render engines against XSS? Is {{ foo }} enough? Under what situations does {{ foo }} fail? The importance of this research is to understand (1) the context-awareness of the template engine, if any, (2) the challenge of encoding in the HTML world, and (3) best practices when using a template render engine.

@yeukhon
yeukhon / readme.md
Last active October 26, 2020 06:54
SQL injection walk-through

Live demo: http://sqlfiddle.com/#!2/8cd47/23

Oh I heard you like SQL injection so here is a mini guide just so I don't have to google again or remind myself whatever the fuck I am reading.

Step -1: Setting up..

CREATE TABLE users (
  id int,
http://docs.oracle.com/javase/tutorial/java/
Books:
1. http://introcs.cs.princeton.edu/java/home/
2. http://greenteapress.com/thinkapjava/thinkapjava.pdf
MIT: http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-092-introduction-to-programming-in-java-january-iap-2010/
First time
hg pull -u
hg qnew bug1.patch
Next week, refresh latest before submitting my patch to bugzilla
hg qpop -a
hg pull -u
hg qpush <the patch i want>
const { Task } = Cu.import("resource://gre/modules/Task.jsm", {});
const { defer, all } = require("sdk/core/promise");
const { setTimeout } = require("sdk/timers");

// getItem(n) is assumed to be defined elsewhere in the gist and to return a promise.
Task.spawn(function * () {
  let item1 = yield getItem(1);
  // all() returns a single promise for the array, so it must be yielded
  // as well, otherwise item2/item3 would be a promise rather than values.
  let [item2, item3] = yield all([getItem(2), getItem(3)]);
  console.log(item1, item2, item3); // 1, 2, 3
}).then(function () {
  console.log('all items processed');
});
Definitely take
1. Software engineering
2. Database
Elective courses:
Category A:
- AI
- Computer Security
@yeukhon
yeukhon / local_min.py
Last active August 29, 2015 13:58
local_min.py
import unittest

def find_local_min(A):
    if len(A) == 0:
        return None
    elif len(A) == 1:
        return A[0]
    else:
        if A[0] < A[1]:
            return A[0]

Intercepting HTTPS Traffic with Python & mitmproxy

Introduction

Modern applications usually make use of back-end API servers to provide their services. With a non-transparent HTTPS proxy that intercepts the communication between clients and servers (the man-in-the-middle scheme), you can easily inspect and manipulate both API requests and responses.

This manual helps you create your own proxy with Python and mitmproxy/libmproxy. Mitmproxy ships with both a standalone command-line tool (mitmproxy) and a Python library (libmproxy).

@yeukhon
yeukhon / config.ini
Last active January 2, 2016 13:19
Usage: chmod +x generate-plugin.py; ./generate-plugin.py config.ini
[plugin]
; output directory (if input /home/user, output to /home/user/{plugin_package_name})
location: ?
; plugin name: ZAP, Django Security, O-SAFT
plugin_name: ?
; plugin package name: minion-zap-plugin, minion-django-security-plugin, minion-osaft-plugin
plugin_package_name: minion-?-plugin
{
"options": {
"osShell": false,
"getUsers": false,
"getPasswordHashes": false,
"excludeSysDbs": false,
"uChar": null,
"regData": null,
"cDel": null,
"cpuThrottle": 5,