unSafe.sh - Unsafe
RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
Summary / What Are We Gonna Learn Here Today? / Pre-Requisites / Note About Source Code / Intro / Chasi...
2021-12-20 19:22:10 | Reads: 152 | parsiya.net
vscode
remote
parsia
client
startparams
A Hands-On Intro to Semgrep's Autofix
Prerequisites / Testing Rules / Semgrep Playground / Semgrep CLI / Autofix Variants / Fix / Python -...
2021-10-26 12:00:47 | Reads: 88 | parsiya.net
semgrep
addcookie
sethttponly
parsiya
Modify GitLab Repositories from the CI Pipeline
Quickstart / Building a Simple Example / Authentication Tokens / Creating a Personal Access Token / Cre...
2021-10-11 17:12:58 | Reads: 63 | parsiya.net
gitlab
repository
ssh
runner
username
Attack Surface Analysis - Part 3 - Resurrected Code Execution
Summary / Introduction / Some History / The Original Bug / Protocol Handlers / Command-Line Switches / Login / Output Fil...
2021-09-27 12:50:38 | Reads: 93 | parsiya.net
myroot
windows
remote
switches
inject
The Thick Client Vulns That Weren't
A few days ago I saw a tweet about thick client vulnerability. I am not linking to it because it app...
2021-07-31 12:30:59 | Reads: 52 | parsiya.net
client
thick
acls
windows
Semgrep: The Surgical Static Analysis Tool
Why are We Here? / Static Analysis In The Real World / Just Use grep / Enter Semgrep / Semgrep is Bean from Ende...
2021-06-23 10:42:06 | Reads: 140 | parsiya.net
semgrep
analysis
security
ender
tied
The JavaScript Bridge in Modern Desktop Applications
What's The JavaScript Bridge? / Why is The JavaScript Bridge Important? / Examples / Razer Comms - CEF / Origin...
2021-06-08 16:53:25 | Reads: 115 | parsiya.net
machine
comms
razer
cef
gonna
Public Remote File Share in The Cloud
Problem Statement / Research / EC2 Instance / EC2 Wizard / After Instance Launch / Setting Up SSH Access / Setting Up...
2021-06-01 02:20:40 | Reads: 134 | parsiya.net
ssh
ec2
samba
machine
nano
Testing Extensions in Chromium Browsers - Nordpass
What Are We Gonna Learn Here Today? / Requirements / Brief Recon / The Local Server / The Desktop Application / The...
2021-05-01 06:20:40 | Reads: 261 | parsiya.net
subtle
ecdh
uint8array
gcm
unhexlify
Attack Surface Analysis - Part 2 - Custom Protocol Handlers
Introduction / Privilege Escalation via Protocol Handlers / Unsanitized Input / Possible RCE through Windows...
2021-03-20 12:59:37 | Reads: 282 | parsiya.net
remote
windows
injection
mirc
payload
Automagically Deploying Websites with Custom Domains to Github Pages
Recently, I have started moving my non-critical websites to Github pages. I am documenting the proce...
2021-02-18 02:56:33 | Reads: 84 | parsiya.net
github
parsiya
repository
hugo
namecheap
Some SANS Holiday Hack 2020 Solutions
This year like last year and unlike 2018, I only did a few of the SANS Holiday Hack challenges. I go...
2021-01-18 04:33:47 | Reads: 123 | parsiya.net
munchkin
santa
castle
moveto
door
Attack Surface Analysis - Part 1 - Application Update: 'A Novel Way to Bypass Executable Signature Checks with Electron'
Light Attack Surface Analysis / What is Privilege Escalation? / From Update to Privilege Escalation / Spoofin...
2021-01-09 15:33:32 | Reads: 135 | parsiya.net
windows
updater
download
attacker
github
The $15000 PlayStation Bounty
Earlier in December 2020, my PlayStation Now report was disclosed. You can see the report at https:/...
2021-01-02 08:29:00 | Reads: 83 | parsiya.net
bounties
learnedi
doubt
lesson
shunning
Customizing Python's SimpleHTTPServer
How to Serve Files / Custom GET Responses / Custom Response Headers / Read Request Path and Query Strings / Read...
2020-11-16 13:57:46 | Reads: 101 | parsiya.net
python
wfile
myhandler
rfile
The Same-Origin Policy Gone Wild
Foundations / The Origin Header / Forbidden Headers / Same-Origin Policy Simplified / Cross-Origin Resource Shar...
2020-11-02 13:02:53 | Reads: 114 | parsiya.net
security
sop
handshake
mozilla
developer
localghost: Escaping the Browser Sandbox Without 0-Days
I had the hono(u)r of presenting in the DEF CON 28 Appsec village. Unfortunately, my super-duper awe...
2020-08-14 12:38:06 | Reads: 129 | parsiya.net
duper
pdfyoutube
cgl51zcaclg
presenting
appsec
No, You Are Not Getting a CVE for That
An intentionally insecure system is insecure. As Raymond Chen says, "You can't make up for the absen...
2020-07-26 08:21:15 | Reads: 77 | parsiya.net
security
hatchway
airtight
raymond
inject
Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI
Setup / Proxy Attempts / CEF Applications and Windows Proxy Settings / Config Files / Command Line Parameters / Che...
2020-06-23 01:49:35 | Reads: 139 | parsiya.net
gog
proxy
burp
windows
tid
Go Slices and Their Oddities
Slices / Slice has an Underlying Array / A Slice is a Header / Questions / Quiz 1 / Slices Can Be Modified in Funct...
2020-05-18 14:37:21 | Reads: 112 | parsiya.net
surprise
printslice
assignment
slices