Sources and Sinks - Code Review Basics

  • Published: 11 Oct 2024

Comments • 48

  • @philippetrov4881
    @philippetrov4881 6 years ago +11

    Learning about "sources and sinks" is a good starting point for understanding the need for design patterns to achieve secure programming. Great video and good explanation!

  • @AaronSilber
    @AaronSilber 6 years ago +3

    This is a great explanation. I frequently find myself grepping for potentially unsafe functions when cleaning hacked WordPress sites. Almost nobody has a legitimate use for PHP exec, shell_exec, passthru, or eval, yet almost every packed PHP web shell I've encountered uses some variant for decoding and exploitation.
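
A scanner in the spirit of the grepping described in the comment above, as an added example (it is not code from the video or from the commenter): it lists PHP sinks that execute code or shell commands together with the superglobals that act as sources, scans a file line by line, and flags lines where a sink and a source meet so those get looked at first. The PHP snippet, the sink and source lists and the function names are constructed for the demo; the lists are a starting point, not a complete catalogue.

```python
"""Grep-style scan of PHP source for dangerous sinks and untrusted sources.

Added example, not code from the video or the comment author. The PHP
snippet below is constructed for the demo; the sink and source lists are a
starting point, not an exhaustive catalogue.
"""
import re

# Functions that execute code or shell commands: the sinks worth grepping for.
PHP_SINKS = ["exec", "shell_exec", "passthru", "system", "popen",
             "proc_open", "eval", "assert", "create_function"]
# Superglobals that carry attacker-controlled input: the sources.
PHP_SOURCES = ["$_GET", "$_POST", "$_REQUEST", "$_COOKIE", "$_SERVER", "$_FILES"]

# `\b` keeps `exec` from matching inside `shell_exec` or `execute_query`;
# `\s*\(` anchors the match on the call parenthesis so `eval (` still hits.
SINK_RE = re.compile(r"\b(" + "|".join(map(re.escape, PHP_SINKS)) + r")\s*\(")
SOURCE_RE = re.compile("|".join(re.escape(s) for s in PHP_SOURCES))

# Constructed sample: benign code, a web-shell one-liner, a command injection
# where sink and source share a line, and a sink fed a constant string.
SAMPLE_PHP = r"""<?php
// harmless helper
function greet($name) { return "Hello " . htmlspecialchars($name); }
// classic packed web shell: decode, then eval
eval(base64_decode($_POST['c']));
// command injection: user input straight into a shell
$out = shell_exec("ping -c 1 " . $_GET['host']);
echo $out;
// looks scary, but the argument is a constant
passthru("uptime");
"""


def scan_php(code):
    """Return one finding per sink call: (line_no, sink, source_on_same_line).

    source_on_same_line is True when a source superglobal appears on the same
    line, i.e. the finding deserves a look first. A sink fed from a variable
    assigned elsewhere still shows up, just without the flag; tracing that
    argument backwards from the sink is the manual part of the review.
    """
    findings = []
    for line_no, line in enumerate(code.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//") or stripped.startswith("#"):
            continue  # comment lines mention sinks without calling them
        for m in SINK_RE.finditer(line):
            findings.append((line_no, m.group(1), bool(SOURCE_RE.search(line))))
    return findings


def prioritised(findings):
    """Sort so that sink+source lines come first, then by line number."""
    return sorted(findings, key=lambda f: (not f[2], f[0]))


if __name__ == "__main__":
    for line_no, sink, hot in prioritised(scan_php(SAMPLE_PHP)):
        flag = "SOURCE ON SAME LINE" if hot else "trace the argument"
        print(f"line {line_no:3}: {sink:<10} {flag}")
```

Running it over the sample reports the `eval` and `shell_exec` lines first, because a source sits on the same line, and the constant-argument `passthru` last; the `eval` inside a `//` comment is skipped. Lines where the tainted value arrives through a variable assigned earlier still need the backwards trace from the sink that the video describes.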

  • @Weasel_Squeezer
    @Weasel_Squeezer 6 years ago +16

    "sources" and "sinks" are also common terminology in stream processing among other software engineering related things.

    • @celivalg
      @celivalg 6 years ago +1

      a good example is pulseaudio

  • @Gelio1234
    @Gelio1234 6 years ago +24

    By the way, innerHTML is not a function, but a property on DOM elements

    • @LiveOverflow
      @LiveOverflow 6 years ago +5

      oooops.

    • @Gelio1234
      @Gelio1234 6 years ago +5

      No worries, I just wanted to mention that :) I believe you have an awesome channel and I have learned a lot. Don't take this as nitpicking :)

  • @flTobi
    @flTobi 6 years ago +33

    My sleep schedule likes this.

  • @Joshverd
    @Joshverd 6 years ago +1

    Very interesting. I do this a lot and never knew the name of the method! 🤔

  • @taba1950
    @taba1950 6 years ago +1

    In electronics and control they are used to explain whether the device is connected between the controller/processor and ground or Vcc.

  • @justanormalperson
    @justanormalperson 6 years ago

    These videos are so useful for learning new stuff.

  • @martinp.4797
    @martinp.4797 6 years ago

    Backwards > all!!! When you were young and got the puzzle with multiple wires and one solution, I just followed the wire from the end to find the solution!

  • @begrateful3405
    @begrateful3405 4 years ago

    Would the IF statement with exit then be a sanitizer? I have to give a presentation on code tainting next week.
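
A toy taint tracker, added here as an example (not from the video or the comment author), that shows how a validation check which aborts on bad input behaves in taint terms: data from a source carries a mark, concatenation propagates it, the check clears it for everything that survives it, and a sink refuses marked data. The request dicts, the hostname allow-list and the function names are made up for the demo.

```python
"""Toy taint tracking: source -> propagation -> sanitizer -> sink.

Added example, not from the video or the comment author. It models in plain
Python what a taint analysis assumes: data from a source carries a mark,
string concatenation propagates it, a validation check that aborts on bad
input clears it (the check is the sanitizer), and a sink refuses marked data.
The request dicts and the hostname rule are made up for the demo.
"""
import re
import shlex


class Tainted(str):
    """A str that remembers it came from an untrusted source.
    Only concatenation is hooked here; a real tracker covers every string op."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


def is_tainted(value):
    return isinstance(value, Tainted)


# --- source: anything taken from the request is attacker-controlled ---------
def get_param(request, name):
    return Tainted(request[name])


# --- sanitizer: a check that stops execution on bad input --------------------
class Rejected(Exception):
    """Stands in for exit()/die() so both code paths can run in one process."""


HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def require_hostname(value):
    """Allow-list validation. On mismatch execution stops (exit/die in PHP);
    on match the value is known to contain only shell-safe characters, so it
    is returned as a plain str, i.e. untainted. That is why an
    `if (!valid) exit;` counts as a sanitizer for the code path below it."""
    if not HOSTNAME_RE.fullmatch(value):
        raise Rejected(f"bad hostname: {value!r}")
    return str(value)  # str() of a subclass instance yields an exact str


# --- sink: must never receive tainted data -----------------------------------
def run_command(argv):
    if any(is_tainted(a) for a in argv):
        raise ValueError("tainted argument reached command sink")
    return "ran: " + " ".join(shlex.quote(a) for a in argv)


# --- two paths over the same source/sink pair --------------------------------
def ping_unsafe(request):
    host = get_param(request, "host")
    cmd = "ping -c 1 " + host              # taint propagates through +
    return run_command(["sh", "-c", cmd])  # flow source -> sink, refused


def ping_checked(request):
    host = require_hostname(get_param(request, "host"))
    return run_command(["ping", "-c", "1", host])


def outcome(fn, request):
    """Run one path and report either the sink result or why it stopped."""
    try:
        return fn(request)
    except (ValueError, Rejected) as e:
        return f"{type(e).__name__}: {e}"


if __name__ == "__main__":
    good = {"host": "example.org"}
    evil = {"host": "example.org; cat /etc/passwd"}
    for fn in (ping_unsafe, ping_checked):
        for req in (good, evil):
            print(f"{fn.__name__}({req['host']!r}) -> {outcome(fn, req)}")
```

Note that `ping_unsafe` is refused even for the harmless hostname: the analysis flags the flow from source to sink, not a particular payload, which is exactly what makes it findable by code review before anyone writes an exploit. In `ping_checked` the same source feeds the same sink, but only through `require_hostname`, so the flow is sanitized and the bad input stops at the check.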

  • @fosatech
    @fosatech 6 years ago

    Great video! Thanks again

  • @domaincontroller
    @domaincontroller 3 years ago

    Excellent !

  • @yuyuko_s75
    @yuyuko_s75 6 years ago

    Hold right Shift when the Linux OS starts to get into GRUB, then go into advanced options, then recovery mode and go into the terminal as root. Then you have access to all the files and rm -rf / does not require sudo, but there's no GUI.

    • @yuyuko_s75
      @yuyuko_s75 6 years ago +1

      I'm a local server guy, I use Ubuntu because it's nice to use with my server.

    • @floriandaler5327
      @floriandaler5327 6 years ago +3

      Lassigamer Three things: I don't know which version of Ubuntu you use, but with 16.04 you get prompted for the root password when booting into recovery mode for a shell. Second, rm -rf / doesn't work for known reasons, you have to pass --no-preserve-root to delete /. Third, if someone has physical access to a PC with malicious intent, you are clearly fucked. In GRUB, the attacker could add init=/bin/bash to the kernel cmd line, and voilà, you are booting straight into a root shell. Or he could use a live CD / remove the HDD to add a backdoor / change the root password or add other privileged users, the second of which might be less obvious.
      PS: sorry for my bad spelling, I'm from Germany and only 16 y/o

  • @emmsthefemms
    @emmsthefemms 3 years ago

    I like to think of the sinks as consumers of the data generated from sources, e.g. event listeners.

  • @FahadAlQallaf
    @FahadAlQallaf 6 years ago

    Great video, thanks .

  • @MrJvdAli
    @MrJvdAli 2 years ago

    Today I got an interview call and after an introduction they asked about my experience in Java, after that they asked "and sunk security", where I replied "I am not familiar with that term", and that's it, I was rejected. But my point in commenting here is: is this topic/term "sunk security" so common in IT? Please, someone guide me, I am getting curious to understand this topic which I never encountered in my past but everybody knows about. Does this come under the testing category in the software field? Did I understand correctly?

  • @punitdarji1871
    @punitdarji1871 6 years ago

    Such a great video...

  • @MrMartinZockt
    @MrMartinZockt 6 years ago

    At 0:54 I kept wondering what this black spot means. Until I left full screen and noticed that the "i" icon was supposed to be placed there. But on a 21:9 monitor the icon is outside the video =P

    • @LiveOverflow
      @LiveOverflow 6 years ago

      Oh, good tip. Maybe I won't do that anymore.

  • @santypk5
    @santypk5 6 years ago +1

    Can you post the link to the GitHub repo with sinks for DOM XSS?

    • @liquidtags
      @liquidtags 6 years ago

      Simple google search... that's all it took

  • @tonipejic2645
    @tonipejic2645 6 years ago

    Why is there a weird whisper at 7:18 lol, and I think I've heard one before too but I've ignored it. It kinda sounds like the German word "oder" which means "or", and you've said "or" afterwards, and I know that you are German, so maybe you said "oder" instead of "or" and then edited it, but it's still there somehow. Why am I even thinking about this xD

    • @tonipejic2645
      @tonipejic2645 6 years ago

      probably, yeah. I just like to think too much about non important things

  • @Yotanido
    @Yotanido 6 years ago +2

    PHP has a regex match function that can execute code...
    The more I learn about PHP, the less I like it. It's like they are TRYING to make it insecure. I mean, come on.
    Or if the file passed to the PHP interpreter can't be found, it just takes the closest one. WTF PHP.

  • @IIAOPSW
    @IIAOPSW 6 years ago

    Just use the Divergence Theorem

  • @Himanshu-yb9kz
    @Himanshu-yb9kz 6 years ago

    Where can I get the starting tone?

  • @punitdarji1871
    @punitdarji1871 6 years ago

    Make a video on where a person can start learning exploits, like hacking, penetration testing etc.

  • @abiralshrestha2998
    @abiralshrestha2998 6 years ago +2

    4:28 ... i heard echo

  • @planktonfun1
    @planktonfun1 6 years ago

    What is the concept of regex? I can do it, but I can't really explain it very well to anyone.

    • @MrAntiKnowledge
      @MrAntiKnowledge 6 years ago +2

      regex = regular expression. It's a way to filter strings which match a certain pattern.
      A pretty basic example: "^Hello [a-zA-Z]+\." matches if the string starts (^) with "Hello " followed by a character between a-z or A-Z *once or more* (+) and ends with a full stop (the "\" removes the special meaning of ".").
      The program checks the string character by character to see if it matches the given expression and stops if it hits any character that does not match (string doesn't match pattern) or reaches the end of the expression (string matches pattern).
      It's basically just a syntax to tell the program what kind of pattern you are looking for in the string.
      You can visit regex.com to play around with it and get all the special characters and short explanations of what they do.
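
The pattern from the reply above, run over a handful of strings with Python's `re` module, as an added example (not from the commenter). It compares the pattern as written with a variant where the dot is left unescaped and one where the end of the string is anchored, so the effect of `\.` and of a trailing `$` becomes visible on concrete inputs. The sample strings are made up.

```python
"""The regex from the comment above, run over a handful of strings.

Added example, not from the comment author. The sample strings are made up.
Three variants of the pattern are compared so the effect of escaping the
dot and of anchoring the end of the string becomes visible.
"""
import re

PATTERN = r"^Hello [a-zA-Z]+\."     # the pattern from the comment
UNESCAPED = r"^Hello [a-zA-Z]+."    # same pattern with '.' left as a wildcard
ANCHORED = r"^Hello [a-zA-Z]+\.$"   # additionally requires the end of the string

# Constructed inputs, one per behaviour worth seeing.
SAMPLES = [
    "Hello Bob.",        # textbook match
    "Hello Bob",         # no full stop
    "Hello Bob!",        # wrong punctuation
    "Hello Bob. Bye.",   # full stop present, but text continues
    "Say Hello Bob.",    # 'Hello' not at the start
    "Hello 123.",        # digits are not in [a-zA-Z]
]


def matches(pattern, s):
    """re.match tries the pattern at position 0 only; because every pattern
    here starts with '^', re.search would give the same answers."""
    return re.match(pattern, s) is not None


def compare(samples=SAMPLES):
    """Return {sample: (escaped, unescaped, anchored)} match results."""
    return {
        s: (matches(PATTERN, s), matches(UNESCAPED, s), matches(ANCHORED, s))
        for s in samples
    }


if __name__ == "__main__":
    print(f"{'input':20} escaped unescaped anchored")
    for s, (a, b, c) in compare().items():
        print(f"{s!r:20} {a!s:7} {b!s:9} {c!s}")
```

Two rows are worth a second look. "Hello Bob" without a full stop is accepted by the unescaped variant: after `[a-zA-Z]+` has greedily taken "Bob" and the wildcard finds nothing, the engine backtracks to "Bo" and lets the wildcard consume "b". And "Hello Bob. Bye." is accepted by the pattern as written because nothing in it says the string has to end after the full stop; the `$` in the anchored variant adds that requirement.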

    • @planktonfun1
      @planktonfun1 6 years ago

      MrAntiKnowledge Great explanation! But I think it's not enough for people to understand it clearly and completely. I might try to make a code equivalent for each regex sample, which is a lot of work. :(

    • @MrAntiKnowledge
      @MrAntiKnowledge 6 years ago +1

      Well, it depends on who you want to explain it to and for what reason. Maybe you could try explaining it as kind of an advanced version of a wildcard (*.txt), since that seems to be something even tech-illiterate people are sometimes familiar with.
      If your audience is more tech-literate you could use finite state automata to explain it.
      Or are you more interested in the actual implementation of the "matching"?

    • @planktonfun1
      @planktonfun1 6 years ago

      The actual implementation of matching, from quantifier matching to lookahead captures and recursion captures. I would say the audience is tech-literate programmers; they also use Linux, but not so much grep, sed and other stuff with regular expressions. The reason is so that not many people interrupt me with regex questions while working. Teach a man to fish and he will eat every day, as they say.

  • @Rednesswahn
    @Rednesswahn 6 years ago +1

    #sourcesandsinks

  • @brian-pf5dk
    @brian-pf5dk 6 years ago

    4:55 komma? That must be a German :P

  • @zedd-x8171
    @zedd-x8171 6 years ago

    First one 💪

  • @chasewnutpistachio
    @chasewnutpistachio 5 years ago

    Who else came here for sink & source in plants?? 🤓

  • @arsen3783
    @arsen3783 6 years ago

    hi

  • @harshakumar8970
    @harshakumar8970 6 years ago

    Can't wait for the "first" comments...

  • @zsdanix
    @zsdanix 6 years ago

    Not considered on topic or good, classic stackoverflow. Not letting good questions live :(

  • @karibikals4574
    @karibikals4574 3 years ago

    Bruh I came here for plants

  • @Zzznmop
    @Zzznmop 6 years ago

    Taint analysis, huh. Not sure about this field.