The goal of this blag post is to get a legacy software used by teachers to run under Linux. The software is used to put grades of pupils into a database.
Would you like to know more?
Would you like to know more?
In this blob post, I will describe how I wrote a config extractor for obfuscated JavaScript-based GootLoader component. The hard part of automating the config extraction is the obfuscation: the C2 servers are just plain text in the last stage. All code is on Github if you are just interested in that.
# Intro
A fellow Cyberian struppigel recently released Samplepedia, a platform were people can drop SHA256 hashes of files with a description and an analysis goal and some other metadata. My understanding is that the goal is to finally have a place to find interesting malware to analyze, a question I get asked a lot when teaching reverse engineering.
Naturally I picked a task myself and decided to do one involve JavaScript, something I don't have a lot of expose to as a reverse engineer (I do have some exposure to it as a forward engineer, but that's a different story). The sample in question is
1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f and the task is:
> Create a static C2 extractor that uses abstract syntax tree transformations with Babel. You can use astexplorer.net as helper tool.
I was particularly intrigued because I've recently seen other people be extremely successful leveraging "normal dev tooling" in the JavaScript ecosystem to tackle challenges with JavaScript-based malware.
Would you like to know more?
I've been using a Co2 sensor for a long time now to remind myself to regularly open the window and vent the used up air. With my recently newly acquired hobby of home automation, I wanted to get its data into HomeAssistant to _automatically_ switch on the ventilation. This blag post documents my journey with a couple of detours and a bit of hacking.
Do you want to know more?
I've recently fallen into the rabbit hole of using home-automation. The obvious choice is Home Assistant and I've enjoyed the journey a lot so far. This blag post documents my process of automating all those crappy remote controlled gadget that accumulated in the house: that cheap light bulb, those cheap fairy lights, or that cheap LED strip … you might know what I mean. The remotes come in all forms and sizes and are often quite thin, powered by a button cell, and work occasionally. I have a literal box full of them.
Do you want to know more?
I'm known for my Ghidra stand-up comedy routines. In order to make them enjoyable for everyone in the room, the font size better be not as tiny as it normally is when you do your day-to-day reverse engineering. There are two places to consider:
1. menus, dialogs, etc.
2. specialized components like the assembly listing view and the decompiler
# Font Size Override
The first can be adjusted by editing the
launch.properties file, which is normally located in the support directory within your Ghidra directory (C:\Users\born\Programs\ghidra_11.0.1_PUBLIC\support\launch.properties on my machine). Just add the following somewhere in the file to adjust the font size to 23:
VMARGS=-Dfont.size.override=23
This is a quick one: If you are living in Germany but enjoy using a US keyboard layout — for one reason or another — I recommend using the EU keyboard layout instead.
Do you want to know more?
NSQ is an awesome and extremely simple distributed message queue. You can simply use it by publishing messages — that is arbitrary text, I often use JSON — on a so called "topic". A second process can than attach to a topic to consume messages on a so called "channel". Each messages is forwarded into each channel (at least once). This blag post covers deployment of NSQ in the simplest scenario: one box running everything.
Do you want to know more?
Assume you did all the proper and mature building steps for your Symfony application. You have a build environment independent of your development environment. You really made sure all the environment variables like
COMPOSER_NO_DEV and NODE_ENV are set correctly without getting the double negatives confused. And you execute composer, yarn, and whatnot with all the good switches like --no-dev, --frozen-lockfile, and --production. But you still get the following error message:
Attempted to load class "WebProfilerBundle" from namespace "Symfony\Bundle\WebProfilerBundle".
Did you forget a "use" statement for another namespace?
APP_ENV="prod" on the **production system**. It of course makes sense when you think about it. But it always does, once you figured out. Anyway: I hope this helps a fellow traveler at some point in the future! ❤️
Just a quick blag for my future self:
FOR row IN coll
FOR entry in doc.array
FILTER entry.field_name != @field_name
LIMIT @limit
RETURN DISTINCT doc
DISTINCT on the RETURN fixed the problem of "I'm getting the same document over and over again" it now doesn't return @limit many documents but seemingly a random — but lower — number. What's actually happening here is, that the indentation is deceiving: the last two lines should be indented one more.
FOR row IN coll
FILTER POSITION(doc.array[*].field_name , @field_name) == false
LIMIT @limit
RETURN doc
FOR row IN coll
FILTER @field_name NOT IN doc.array[*].field_name
LIMIT @limit
RETURN doc
The official documentation on ArangoDB usage in Symfony is [literally from 2013](https://www.arangodb.com/2013/03/getting-started-with-arangodb-and-symfony-part1/) and hence targeting a pretty old Symfony version. This blag post will cover adding minimal ArangoDB support by hand. The actual database protocol and interacting will be handled by [ArangoDBClient](https://github.com/arangodb/arangodb-php).
Show me what you've got!
If you want to perform
SOUNDEX similarity searches with Doctrine in Symfony, you first need to define it as a so called "DQL User Defined Functions". Resources online are a bit dated so I decided to publish this quick blag post.
That _sounds_ nice, show me more!
When creating invitations to Discord servers – or "guilds" how they seem to called internally – you can configure some limits. For example, you can limit the number of times a link can be used to join a server or you can configure an expiry date. The default setting for the time limit is 7 days btw, which is why most links are expired when you come back to them after some time. I was in the situation that I wanted to invite a limited number of people to a Discord server and each should only receive a link that can only be used once. So in some sense, I wanted to create personalized invite links, which doesn't seem to be a use case that's supported out of the box.
So let's use Python!