Skip to content

Instantly share code, notes, and snippets.

View ondrj's full-sized avatar
🎯
kinda focusing

Ondřej ondrj

🎯
kinda focusing
View GitHub Profile
@stettix
stettix / things-i-believe.md
Last active December 5, 2024 15:29
Things I believe

Things I believe

This is a collection of the things I believe about software development. I have worked for years building backend and data processing systems, so read the below within that context.

Agree? Disagree? Feel free to let me know at @JanStette.

Fundamentals

Keep it simple, stupid. You ain't gonna need it.

https://seclists.org/fulldisclosure/2019/Aug/1
https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67
https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/
https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM
http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html
https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html
Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life.
https://twitter.com/thegrugq/status/563964286783877121
--
You can get 25% off a Mandiant incident response with the code: ITWASCHINA. 100% off if you just use that code as the report.
https://twitter.com/thegrugq/status/600345075562909696
--
Fear of 0day is like being terrified of ninjas instead of cardiovascular disease.
https://twitter.com/thegrugq/status/851001030019907588
@johnazariah
johnazariah / free.fs
Created April 3, 2018 22:02
Free Monad with Trampoline Infrastructure and Computation Builder
// F<'a> is any type with member 'map' of type ('a -> 'b) -> F<'a> -> F<'b>
type F<'a> = QIL<'a>
and S<'a> = F<Q<'a>>
and Q<'a> =
private
| Step of Step<'a>
| Bind of IBind<'a>
with
static member lift (k : F<'a>) : Q<'a> = Step (Suspend (fun () -> S<_>.map (Yield >> Step) k))
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active December 28, 2024 23:51 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

THIS DOCUMENT

IS OUT OF

DATE

C++ Coding Standards Part 0: Automated Code Analysis

Automated analysis is the main advantage to working with a modern statically typed compiled language like C++. Code analysis tools can inform us when we have implemented an operator overload with a non-canonical form, when we should have made a method const, or when the scope of a variable can be reduced.