Hey everyone,
I will talk about some experiments I did with FastAPI and deploying on Zeit.co.
Context: For one side-project, I needed a simple way to retrieve the information from a specific Android application (e.g. io.shodan.app) on the Google Store and a download link from APKPure (if any).
I thought that this would have been a great playground to get my hands on FastAPI, a very promising framework that I never had time to play with.
...
Hi everyone,
Here is a small blog post where I needed to work on an Ionic v5 project where (Angular) events were/are not working anymore.
Context: Basically, I was working on the side-menu ‘starter’ where I wanted the side-menu to automatically update with the user’s username after logging in.
Beforehand, in order to use the Events, it was as simple as:
import { Events } from '@ionic/angular';
And finally work on your logic, but this got removed in Ionic 5. You can see the changelog here: https://github.com/ionic-team/ionic/blob/45d03baf981d0e10eb1fe689908532adef2ba31d/BREAKING.md#events-1
...
Hey everyone,
Here is a small blog post regarding Kafka experiments and “foundations” I’ve started working on. I will also take the opportunity to thank Maxence S. (https://twitter.com/maxenceschmitt) for his precious help on this topic.
First off, I instantiated a Kafka (and ZooKeeper) instance:
version: '2'
services:
  zookeeper:
    image: wurstmeister/zookeeper:3.4.6
    expose:
      - "2181"
  kafka:
    image: wurstmeister/kafka:2.11-2.0.0
    depends_on:
      - zookeeper
    ports:
      - "9092:9092"
    environment:
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
Then, I basically only had to call some docker-compose-fu and.. the job was pretty much done.
Hi everyone,
Here is a small article on how I successfully deployed my Django application through GitHub Actions. Basically, what I needed was pretty simple, as soon as I push a new commit (on master), I want to:
cfptime service (which will do all the magic)
My cfptime.org project is something like ~3 years old and at the beginning, I was deploying by hand and I created a bash script in order to ease this part and this is what it looked like:
...
Hi everyone!
Here is a small article on some experiments I came across with the development of the new cfptime.org version. Goal: I needed to limit (anonymous) visitors on specific API endpoints (especially when creating/posting new Call For Papers to avoid flooding).
It turns out someone had similar thoughts and his blog post was pretty interesting and helped me a lot. You can find the blog post here: https://www.pedaldrivenprogramming.com/2017/05/throttling-django-rest-framwork-viewsets/.
As the author states:
...
Hello everyone,
Here is a small article to explain to you how I’ve deployed my Angular front-end to a server with GitHub Actions.
Context: You might know that I am the developer behind cfptime.org and I’ve had the chance during the holidays to start re-developing the front-end using Angular. If you want to check what it looks like: https://beta.cfptime.org.
I’ve long been a CircleCI user but it seems that the free plan is not enough in order to build my Angular project (and trust me, it’s nothing ground-breaking, just a couple of API calls and that’s it).
...
Time to revive this blog and I think that a review of the Corelan Bootcamp training is the perfect occasion! I had in mind to try the OSCE certification and I felt I needed to go beyond just basic buffer overflows that you might come by with OSCP for example.
I’ve had the chance to attend this training at Hack in Paris in June 2018 and I will try to give as many insights as I can without telling too much (because of NDA). The overall training is exclusively dealing with the Windows Stack and associated vulnerabilities so nothing about heap exploitation (check the Advanced training for that).
...
Hey there,
Following my series of write-ups for the BSidesCBR challs, I will discuss the DerpChat one.
The instructions for this challenge were:
This web-based challenge was worth 275 points.
Run docker-compose up and then browse to https://web.shell.dance:4443/.
After browsing to https://web.shell.dance:4443/, I arrived on a registration/login page. I registered the account test/test and I finally got a page with two inputs: – One to search some messages I suppose – And one in the middle of the page stating: “Hello, could you please send me the link I was after?”.
Hello everyone!
Such a long time since I didn’t post any article. Here is a quick write-up for the BSidesCBR Crypto challenge for “needleinahaystack”.
Before diving in the challenge, huge props to all the organizers and OJ for making those challs available to everyone with Docker containers and stuff (more write-ups coming soon).
If you guys want to give it a shot, here you go, all challs are available here. The challenge we will discuss in this post (needleinahaystack) is located here.
...
After analyzing the HTTP Security Headers from the top 10k Alexa websites, I decided to look at the SSL Ciphers used on those websites.
These results are coming from a scan on port 443 for all those domains. Only 4715 servers replied.
The OpenSSL version installed on my server did not support SSLv2 so SSLv2 ciphers have not been detected.
...