Analysis of Msfvenom shellcode: linux/x86/exec

Analysis of Msfvenom shellcode: linux/x86/adduser

Analysis of Msfvenom shellcode: linux/x86/shell_reverse_tcp

A demonstration of a custom encoding scheme

A demonstration of an egg hunter searching for shellcode

A nice walkthrough of creating a reverse shellcode from scratch

From my experience playing around with socket programming in C and Python, there is a basic formula and group of function calls for creating clients and servers. Most of them will be useful to us. A couple won't be applicable to our situation.

Recently when working on a Clojure web app I ran into a scenario where I wanted to do a little bit of integration testing. What I wanted to do was post some data to the same endpoint that my webform would post to. The problem was that the app used ring-anti-forgery for CSRF protection. Because of this, I needed to figure out a way to spoof this anti-forgery token when making POST requests using Clj-http. The solution came out of a lot of trial and error.

Lately I have been exploring functional programming and have been spending a lot of time working with Clojure. As I spend more and more time with it I find that there are particular aspects of the language that I find beautiful and enjoyable. Some of these aspects come from the fact that Clojure is a LISP dialect of programming language. Other aspects come from the fact that Clojure is a functional language. Here are 5 great experiences I have had while learning the language:

Today wrapped up RailsConf 2014 in Chicago, Illinois and I have to say that it was quite a good time. This was my first RailsConf and it definitely lived up to its reputation. From DHH trolling that TDD is nonsense in his Keynote speech to Tenderlove making a live merge of the "AdequateRecord" branch into Rails master it was never a dull moment.

Recently after a co-worker pushed code to our continuous integration server Jenkins was saying that the build was broken and that a constant was being called that wasn’t initialized. What was strange is that the code my co-worker pushed ran just fine when I ran it on my work Mac Laptop as well as some of my other co-workers Mac Laptops. This has to be some sort of weird Mac / Linux difference.

While working with Rails 4 today I was attempting to use the new .not method of ActiveRecord. This method is similar to the jQuery .not method as it allows you to filter your result set where a particular attribute of your result does NOT match what you pass in as .not’s argument. The syntax is:

Recently while working at my day job the need arose to utilize multiple databases to deliver a result in Drupal’s Views module. Not only did we need to utilize multiple databases but the databases reside on two different servers. I know that Drupal has the ability to connect to multiple databases but I had never considered how Views would utilize both databases or if it was even possible.

For security purposes I like to keep confidential information out of my git repositories. While hosting a site with Heroku for a little while I learned that they advocate environment variables for storing sensitive information. I later switched over to my own server and wanted to replicate this setup. I threw my environment variables in the .bash_profile of the user associated with my application and found out that when ruby is started on the server a login doesn’t appear to occur for that user even though the process is owned by the user. The .bash_profile never appears to get loaded up. My environment variables weren’t being loaded up into my application as I had anticipated.

I recently ran bundle update on an older rails application that I had been developing. I added a few specs and when I went to run them I was greeted with the following error:

It has been awhile since my last blog post and quite a lot has happened. Since my last blog post I have completed a large Drupal 5 to Drupal 7 migration (The d5 to d7 migration has actually been an ongoing endeavor that was finally completed after a years worth of development), implemented authorization via cancan on this blog, and implemented nested comments via polymorphic associations and the ancestry gem on this blog. I should have quite a lot to talk about now!

After setting up a Twitterfeed account to populate my social networking profiles with data from my blog’s Atom feed, I immediately noticed that the shortened bit.ly links that Twitterfeed was sending to my social media sites were broken. Even though I had selected bit.ly as the service I would like to use to shorten my url’s, the links would show up on Twitter, Facebook, and Linkedin as Tinyurl links