All posts by PF

“Reverse Engineering for Beginners” free book

Sh*ts

Written by Dennis Yurichev (yurichev.com).

Praise for the book

  • Its very well done .. and for free .. amazing.’ (Daniel Bilar, Siege Technologies, LLC.)
  • …excellent and free (Pete Finnigan, Oracle RDBMS security guru.).
  • … book is interesting, great job! (Michael Sikorski, author of Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software.)
  • … my compliments for the very nice tutorial! (Herbert Bos, full professor at the Vrije Universiteit Amsterdam.)
  • … It is amazing and unbelievable. (Luis Rocha, CISSP / ISSAP, Technical Manager, Network & Information Security at Verizon Business.)
  • Thanks for the great work and your book. (Joris van de Vis, SAP Netweaver & Security specialist.)
  • … reasonable intro to some of the techniques. (Mike Stay, teacher at the Federal Law Enforcement Training Center, Georgia, US.)

As seen on…

… hacker news, reddit #1#2#3habrahabr.

Contents

Topics discussed: x86, ARM.

Topics touched: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.

 

WordPress XML DOS

Wordpress, ,

 

Major Security Vulnerability in WordPress, Drupal Could Take Down Websites

Nir Goldshlager, a security researcher from Salesforce.com’s product security team, has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.

The vulnerability uses a well-known XML Quadratic Blowup Attack — and when executed, it can take down an entire website or server almost instantly.

WordPress and Drupal are used by millions of websites. The latest statistics from the World Wide Web Consortium (WC3) show WordPress alone powers nearly 23% of the web.

 

 

http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/

 

MySQL allow external connections

Uncategorized
Grant privileges

Under root user execute:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';
Bind to all addresses

Edit your my.cnf, generally located in bind-address = 127.0.0.1.

  • /etc/my.cnf
  • /etc/mysql/my.cnf
  • $MYSQL_HOME/my.cnf
  • [datadir]/my.cnf
  • ~/.my.cnf
#bind-address = 127.0.0.1

Restart mysql

service mysql restart

Intro to Linux – free on edX

Linux, , ,

Intro to Linux – free on edX from Linux Foundation

 

 

Learn Linux with This Free edX Course from the Linux Foundation

Intro to Linux is normally a $2,400 course from the Linux Foundation, but it’s being offered for free now on edX. If you’ve ever wanted to learn how to use the open source operating system, there’s no better time than now.

Source http://lifehacker.com/learn-linux-with-this-free-edx-course-from-the-linux-fo-1612770920

Rackspace vs AWS vs Internap

Uncategorized

 

I wanted to make sure you saw the new research report from Cloud Spectator, Benchmarking a NoSQL Database on Bare Metal versus Public Cloud. Cloud Spectator’s benchmark tests confirm the price-performance advantages of running big data workloads in bare-metal environments over comparable virtual offerings from Amazon Web Services and Rackspace.

Example findings include:

  • Internap outperformed Rackspace by 5x and Amazon by 51% on throughput speed when loading data into the database.

  • Internap had 59% less latency than Amazon and 32% less latency than Rackspace when testing a balanced workload.

  • The equivalent monthly price of hosting an Aerospike database on Internap’s bare-metal servers was at least 78% less expensive than doing so on Amazon I2 or Rackspace Performance Server.