Many times I’ve used Netcat to setup (reverse) shell from a compromised
machine. Digging into services lately, I thought why not use a service
to make Netcat a persistent to be able to return to the machine.
As a penetration tester you really must log all steps you take to make a
complete and detailed report for the client. Ofcourse you can’t help that
once in a while you miss one step. From my training
I got a valuable tip to use the script command for logging complete terminal
Using “git push --force” is really evil. You force your current state of
a local branch upon the remote branch, no matter what. Even if some commit
got pushed right before your force push, it would be overwritten without
any notice at all! Unfortunately with a rebasing strategy you can not avoid it.
The Netherlands was plagued by numerous DDOS attacks lately. The tax
authorities, Bunq bank and many other banks and government agencies.
The attacker was careless and left some traces and was even arrogant
enough to seek contact with the sysadmin of Tweakers.net, one of the
Frequently I am working on a large commit having many changed files or running
a precarious debug session or time consuming test. But some other urgent task
comes by forcing me to switch branches. Today I was running a time consuming
test so I had enough time to investigate out how I could update another
branch and push a commit to origin.
Sometimes I get a very worried person at my desk, thinking he just screwed
up bigtime and lost some important commit he made. When you think your work
has been lost for good due to some git commands you executed, think again!
Git tracks everything and actually never really loses a commit…
Jekyll does support tags, but what about determining related posts based on
tags of the post? Jekyll does not support tags very well. There is no support
for a tag archive page, neither does it support listing related posts. Let’s
make this work!
Recently I was asked to give feedback on a new website. It uses Wordpress,
but why? Why not? So I researched a bit and was able to give a well-founded
about the risk of having plug-ins installed.
To me Universal Plug and Play (UPnP) alway was a mysterious protocol. When
some cool program required an open port, UPnP made it happen. When some
fancy program did not work, someone would ask me: “Did you enable UPnP”?
Right, I forgot… I had no clue what magic UPnP did for me.
At times I find myself in situations in which I can not rely on my favorite commandline text editor VIM.
But of course editing files is a must. Writing my own non-interactive line editor actually did cross my mind,
but hold on… What about my old time friend sed?!
A while ago someone notified me that my website had broken by a change I made.
“I got a tip for you! You should check it out with git bisect” and so I did.
It was great to learn such a nifty feature of git. I shared my experience with
some other git users but none of them knew about git bisect.
By default almost everyone is using “git pull” to update their local branch.
When someone has forced pushed the result of a rebased to a repository,
executing a simple “git pull” will often give you merge conflicts. What is
going on and how should you get to the latest truth to continue working?
In the .NET Framework using reflection was always a bit cool when you needed it
to solve a problem. Of course you have the performance penalty in mind when
using it. Querying objects at runtime and even call properties and execute
methods on that object, that’s awesome! But what about having an interface that
answers those queries?
Equifax is a consumer credit reporting agency and last week it got hacked. Now
the information of 143 milion US citizens, about 45% of the population, has
been compromised by hackers. The hackers got access to names, birth dates,
addresses but also social sercurity numbers and in some cases drivers license numbers.
Many years ago, I studied the art of picking locks. Not to do anything illegal, but just to learn about locks and how
they work. Most importantly, open locks in a non-destructive way the manufacturer certainly did not intend to open. I bought
a lock picking set and a practice lock. Over the years I collected some other locks, formerly used in real life. I finally
got a chance to show off my skills.
I am working on a windows laptop, so getting jekyll to work correctly seems
to be troublesome. So before pushing changes to my repository, I would like
to check them on a jekyll docker image running on my NAS. Using the
“git format-patch” command, we export out commits and apply them on our
jekyll docker image to build and html-proof our site.