Blog of Anant Shrivastava<p><strong>Making Security Tools Accessible: Why I Chose the Browser</strong></p><p>I’ve said it before, and I’ll likely say it again until someone turns it into merch: <em>we keep bringing bazookas to wrestling matches.</em> Security tooling today is often overcomplicated, infrastructure-heavy, and assumes a technical baseline that leaves many potential users out of the equation. My goal isn’t to build shiny things for the elite few : it’s to make useful tooling accessible to people beyond the traditional developer crowd. And if that means writing JavaScript in the browser, so be it.</p><p><strong>The Security Mindset Behind My Tools</strong></p><p>The decision to build tools like <strong><a href="https://cyfinoid.github.io/sbomplay/" rel="nofollow noopener" target="_blank">SBOMPlay</a></strong> and <strong><a href="https://cyfinoid.github.io/3ptracer/" rel="nofollow noopener" target="_blank">3P-Tracer</a></strong> is grounded in simple, security-conscious principles:</p><ol><li><strong>We will not store user data.</strong> If I never collect it, I don’t have to protect it.</li><li><strong>No API keys are ever stored persistently-even client side.</strong> You paste them if needed. That’s it.</li><li><strong>No CORS proxying.</strong> Yes, it can be bypassed-but that puts someone else in the data path. That’s not acceptable.</li><li><strong>All requests are routed through your own browser.</strong> There’s no shared backend quota. If you hit your daily limit, the tool still works for everyone else. And if you’re hitting that limit daily, you’ve got bigger fish to fry.</li><li><strong>I host these tools on GitHub Pages, not under my company or personal subdomain.</strong> No advance analytics. No logging. No data siphoning. You can verify the source, download the zip, and run it locally.</li></ol><p>These decisions weren’t made because it was trendy-they were made to <a href="https://reducetheattacksurface.com" rel="nofollow noopener" target="_blank">reduce attack surface</a> and respect users.</p><p><strong>Why the Browser?</strong></p><p>Let’s be clear: I didn’t start building browser tools because I love JavaScript. I’ve long maintained that most of my sites shouldn’t need it at all. But if I want tooling that works <em>without setup, installations, or assumptions</em>, then the browser is the only interface nearly everyone has.</p><ul><li><strong>CMD fear is real.</strong> Not everyone wants to run <code>curl</code> or <code>jq</code>.</li><li><strong>Browser doesn’t judge.</strong> You double-click <code>index.html</code> and it works.</li><li><strong>JavaScript may be obnoxious-but it’s available.</strong></li></ul><p>In this specific case accessibility mattered more than stack purity.</p><p><strong>Real Examples: SBOMPlay and 3ptracer</strong></p><p>With <strong><a href="https://cyfinoid.github.io/sbomplay/" rel="nofollow noopener" target="_blank">SBOMPlay</a></strong>, I wanted to give people a way to browse SBOMs locally without uploading anything. The entire app runs client-side, and LocalStorage handles up to 2,500 Google repository SBOMs.</p><p><a href="https://cyfinoid.github.io/3ptracer" rel="nofollow noopener" target="_blank">3P-Tracer</a>, explores another idea: what if DNS, traditionally a command-line-only world, could be explored via browser using DNS over HTTPS (DoH)? Turns out-it can. And it works surprisingly well.</p><p>These tools aren’t hacks or experiments. They’re designed to show what’s possible with just a browser, some vanilla JS, and a mindset focused on doing more with less.</p><p><strong>What Works Surprisingly Well</strong></p><ul><li><strong>LocalStorage</strong> isn’t huge (5MB), but it’s enough if you’re smart about it.</li><li><strong>DoH makes DNS an API.</strong> Suddenly, browser JS can do things we thought needed dig or nslookup.</li><li><strong>Zero setup</strong>: no Docker, no Node, no dependency mess.</li><li><strong>UI can change freely</strong> without disrupting logic or function.</li></ul><p><strong>What Still Sucks (And Always Will)</strong></p><ul><li><strong>CORS is brutal.</strong> It blocks half the ideas before they start.</li><li><strong>Rate limiting exists.</strong> Fair, but still annoying.</li><li><strong>Firefox isolates localhost tabs.</strong> Broke a few things in SBOMPlay in downloaded mode. <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage#:~:text=In%20all%20current,it%20over%20time." rel="nofollow noopener" target="_blank">More Here</a></li><li><strong>IndexedDB is a future headache.</strong> LocalStorage is fine for now, but someday I’ll need to bite that bullet.</li></ul><p><strong>This is the Baseline : Ask for More</strong></p><p>Let’s be blunt. Many commercial products are just wrappers around public APIs. They charge you for a nicer UI and a login wall. My tools are here to set a baseline: <em>this is what’s already free</em>. If a vendor can’t clearly explain what value they add on top of that, they don’t deserve your money.</p><p>You don’t need my website. You can download the repo, unzip it, and double-click <code>index.html</code>. If you want to self-host it, be my guest. These projects aren’t one-shot experiments – they’re evolving tools, and I fully intend to keep enhancing their capabilities over time. And if you need something more robust-that’s when commercial or bespoke solutions start to make sense.</p><p><strong>Minimalism is the Only Defense</strong></p><p>This design philosophy ties into something I wrote earlier: <a href="https://blog.anantshri.info/a-rational-survival-guide-to-vibe-coding-with-ai/#:~:text=2.%20Minimalism%20is%20Your%20Only%20Defense" rel="nofollow noopener" target="_blank">Minimalism is your only defense</a>. The less you store, the less you expose. The simpler your deployment, the <a href="https://reducetheattacksurface.com/" rel="nofollow noopener" target="_blank">fewer your attack surfaces</a>. And when you build in the browser, client-side only, you inherit a bunch of guardrails for free.</p><p><strong>Closing Thoughts</strong></p><p>These tools aren’t replacements for terminal power-users. They’re <strong>on-ramps</strong>. They’re for people who want quick insight, not CLI acrobatics. For folks who are tired of setting up Docker to read a JSON file.</p><blockquote><p>“You don’t always need the bazooka. Sometimes, all it takes is a well-sharpened pocket knife.”</p></blockquote><p>And honestly? The browser makes for a pretty decent sheath.</p> <p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.anantshri.info/tag/browser/" target="_blank">#browser</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.anantshri.info/tag/tool/" target="_blank">#tool</a></p>
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome
Administered by:
Server stats:
4.6Kactive users
techhub.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.2
#tool
20 posts · 13 participants · 1 post today
Metal Insider<p>Tool announce return to Honolulu for first Hawaii show since 2011:</p><p><a href="https://mastodon.social/tags/Tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tool</span></a> <a href="https://mastodon.social/tags/Toollive" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Toollive</span></a> <a href="https://mastodon.social/tags/Showannouncement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Showannouncement</span></a> <a href="https://mastodon.social/tags/ICYMI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICYMI</span></a></p><p>Link: <a href="https://metalinsider.net/touring/tool-announce-return-to-honolulu-for-first-hawaii-show-since-2011" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">metalinsider.net/touring/tool-</span><span class="invisible">announce-return-to-honolulu-for-first-hawaii-show-since-2011</span></a></p>
Who Let The Dogs Out 🐾<p>Black Hat Tools</p><p><a href="https://mastodon.ml/tags/red_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>red_team</span></a> <a href="https://mastodon.ml/tags/blackhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blackhat</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>Отличный репозиторий, где собраны все инструменты, которые когда-либо были представлены на конференциях Black Hat. </p><p>Сортировка по странам, где проходила конференция, по годам и категориям:</p><p>- Red Teaming;<br>- Blue Teaming;<br>- OSINT & Recon;<br>- Exploit Development;<br>- Malware Analysis;<br>- DFIR & Forensics;<br>- Threat Intelligence;<br>- ICS/IoT/SCADA;<br>- Application Security (AppSec).</p><p><a href="https://github.com/UCYBERS/Awesome-Blackhat-Tools" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/UCYBERS/Awesome-Bla</span><span class="invisible">ckhat-Tools</span></a></p><p>Все презентации с выступлений на Black Hat, начиная с 2023 года, собраны вот здесь:</p><p><a href="https://github.com/onhexgroup/Conferences" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/onhexgroup/Conferen</span><span class="invisible">ces</span></a></p>
Dummy-X 🇮🇹<p>✅ Pigment, un'applicazione Linux per l'estrazione di palette dalle immagini<br>Come estrarre le palette di colori dalle nostre foto per applicarle ai nostri progetti...</p><p>👉 <a href="https://www.selectallfromdual.com/blog/1577" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">selectallfromdual.com/blog/1577</span><span class="invisible"></span></a></p><p> :speech_balloon: <span class="h-card" translate="no"><a href="https://diggita.com/c/linux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>linux</span></a></span></p><p><a href="https://mastodon.uno/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.uno/tags/palette" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>palette</span></a> <a href="https://mastodon.uno/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.uno/tags/toolperlinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>toolperlinux</span></a> <a href="https://mastodon.uno/tags/UnoLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnoLinux</span></a></p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/red_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>red_team</span></a> <a href="https://mastodon.ml/tags/useful" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>useful</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>LoaderGate (<a href="https://github.com/casp3r0x0/LoaderGate" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/casp3r0x0/LoaderGate</span><span class="invisible"></span></a>) — загрузчик shellcode на C# автором, специализирующийся на обходе EDR-систем, таких как Palo Alto Cortex XDR и Sophos EDR. Загружает вредоносный код напрямую в память процесса, избегая стандартных механизмов защиты и детектирования, что позволяет незаметно выполнять payload. </p><p>RAITrigger (<a href="https://github.com/rtecCyberSec/RAITrigger/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/rtecCyberSec/RAITri</span><span class="invisible">gger/</span></a>) — утилита на C# для запуска аутентификации от имени SYSTEM локально, чтобы затем использовать эти креды для NTLM relay-атак внутри инфраструктуры Active Directory.</p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/red_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>red_team</span></a> <a href="https://mastodon.ml/tags/useful" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>useful</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>Ebyte-Go-Morpher (<a href="https://github.com/EvilBytecode/Ebyte-Go-Morpher" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/EvilBytecode/Ebyte-</span><span class="invisible">Go-Morpher</span></a>) — инструмент для модификации исполняемых файлов на Go с целью обхода антивирусов и систем обнаружения. Автоматически переименовывает функции, вставляет мусорные инструкции (NOPs), меняет структуру кода и сборку, не затрагивая логику исполнения. В результате создается функционально тот же EXE, но с другой сигнатурой.</p><p>Unicorn_PE (<a href="https://github.com/hzqst/unicorn_pe" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/hzqst/unicorn_pe</span><span class="invisible"></span></a>) — фреймворк на базе эмулятора Unicorn Engine для анализа Windows PE‑файлов. Позволяет загружать PE в память, эмулировать его исполнение, выводить дизассемблированные инструкции, обрабатывать исключения, восстанавливать импортную таблицу и строки, зашифрованные через VMProtect, а затем сохранять исправленный бинарник. Крутой инструмент для реверса и разбора защищенных Windows‑исполняемых файлов.</p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/red_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>red_team</span></a> <a href="https://mastodon.ml/tags/useful" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>useful</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>EvilReplay (<a href="https://github.com/EgeBalci/evilreplay" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/EgeBalci/evilreplay</span><span class="invisible"></span></a>) — инструмент для перехвата, модификации и повторной отправки NetNTLM аутентификационных запросов в сетевых протоколах Windows (например, SMB, HTTP, LDAP), с целью проведения атак типа NTLM relay или Pass-the-Hash. Работает как MITM-прокси и позволяет захватывать хэши NetNTLMv1/v2, модифицировать их или перенаправлять на другую цель для получения доступа без знания пароля.</p><p>SoaPy (<a href="https://github.com/logangoins/SoaPy" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/logangoins/SoaPy</span><span class="invisible"></span></a>) — фреймворк на Python для анализа, подделки и эксплуатации SOAP (Simple Object Access Protocol) веб-сервисов. Позволяет автоматически извлекать и парсить WSDL, генерировать SOAP-запросы, изменять параметры (в т.ч. для fuzzing) и анализировать ответы. Помогает тестировать SOAP-сервисы, в том числе на предмет ошибок авторизации, инъекций, логических уязвимостей и неправильной обработки XML.</p>
DaLetra<p>Scopri il testo della canzone “Sober” di Tool<br><a href="https://mastodon.social/tags/Tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tool</span></a> <a href="https://mastodon.social/tags/Sober" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sober</span></a><br><a href="https://daletra.online/tool/testi/sober.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daletra.online/tool/testi/sobe</span><span class="invisible">r.html</span></a></p>
Matthias Gansrigler-Hrad<p>First pass at (read: proof of concept of) a loupe annotation for the screen capture power tool <a href="https://mastodon.social/tags/ScreenFloat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ScreenFloat</span></a>. Not coming with the big, soon-to-be-released v2.3 update, but maybe soon after : )</p><p><a href="https://mastodon.social/tags/loupe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>loupe</span></a> <a href="https://mastodon.social/tags/screenshots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>screenshots</span></a> <a href="https://mastodon.social/tags/screencapture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>screencapture</span></a> <a href="https://mastodon.social/tags/utility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>utility</span></a> <a href="https://mastodon.social/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.social/tags/macos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macos</span></a> <a href="https://mastodon.social/tags/macapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>macapp</span></a></p>
WordofTheHour<p><a href="https://mastodon.social/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> : any instrument used by a craftsman or laborer at his work</p><p>- French: outil</p><p>- German: das Werkzeug </p><p>- Italian: attrezzo</p><p>- Portuguese: ferramenta</p><p>- Spanish: herramienta</p><p>------------</p><p>Report an incorrect translation @ <a href="https://wordofthehour.org/r/translations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">wordofthehour.org/r/translatio</span><span class="invisible">ns</span></a></p>
Peter Cohen<p>More <a href="https://mastodon.social/tags/ozzy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ozzy</span></a> memories with <span class="h-card" translate="no"><a href="https://mastodon.social/@jdalrymple" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jdalrymple</span></a></span> - the time at <a href="https://mastodon.social/tags/ozzfest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ozzfest</span></a> we saw Mastodon (the fuckin BAND people) and I noticed a kid near me wearing the same Tool t-shirt. </p><p>"Nice shirt," I said.</p><p>She gave me one look in disgust and said, "OK Uncle Festa. Whatevah."</p><p><a href="https://mastodon.social/tags/boston" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boston</span></a> <a href="https://mastodon.social/tags/metal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>metal</span></a> <a href="https://mastodon.social/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.social/tags/addamsfamily" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>addamsfamily</span></a> <a href="https://mastodon.social/tags/wednesday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wednesday</span></a></p>
unixbhaskar<p>Irks.....heck......meh.....damnit!</p><p><a href="https://mastodon.social/tags/linuxdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxdmin</span></a> <a href="https://mastodon.social/tags/gentoo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gentoo</span></a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://mastodon.social/tags/firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firefox</span></a> <a href="https://mastodon.social/tags/browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browser</span></a> <a href="https://mastodon.social/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.social/tags/operatingsystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>operatingsystem</span></a></p><p>bhaskar_03:44:51_Thu Jul 24: :~>firefox --version</p><p>XPCOMGlueLoad error for file /home/bhaskar/firefox/libxul.so:</p><p>/home/bhaskar/firefox/libxul.so: undefined symbol: gdk_wayland_device_get_wl_seat</p><p>Couldn't load XPCOM.</p>
unixbhaskar<p>Irks.....heck......meh.....damnit!</p><p><a href="https://fosstodon.org/tags/linuxdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxdmin</span></a> <a href="https://fosstodon.org/tags/gentoo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gentoo</span></a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://fosstodon.org/tags/firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firefox</span></a> <a href="https://fosstodon.org/tags/browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>browser</span></a> <a href="https://fosstodon.org/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://fosstodon.org/tags/operatingsystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>operatingsystem</span></a></p><p>bhaskar_03:44:51_Thu Jul 24: :~>firefox --version</p><p>XPCOMGlueLoad error for file /home/bhaskar/firefox/libxul.so:</p><p>/home/bhaskar/firefox/libxul.so: undefined symbol: gdk_wayland_device_get_wl_seat</p><p>Couldn't load XPCOM.</p>
minioctt<p><strong>il cartafacenzio di octo e la foglianza interattiva!!! (Papiellify, nuova app per creare fogli decorati)</strong></p><p>Nel tentare (in parte invano, ma in parte no, dai) di <em>alleviare le mie sofferenze giornaliere</em>, <strong>dovute alle solite impossibilità di <em>incartamento</em></strong>, eccomi qui di nuovo ad uscirmene fuori <em>dal letterale nulla</em> con <strong>un nuovissimo dei miei <em>toolini</em> pazzurdi…</strong> Ma a ‘sto giro ho davvero poca voglia di scherzare, quindi, <em>per una buona volta</em>, metto la fine della storia all’inizio: <em>l’aggeggio</em> di questa volta è caricato su <strong><a href="https://hub.octt.eu.org/Papiellify/" rel="nofollow noopener" target="_blank">https://hub.octt.eu.org/<em>Papiellify</em>/</a></strong> (ed era da tanto che non mettevo una roba nuova lì sopra…), ed in poche parole è <em>nientedimeno</em> che un (o meglio, <em>il</em>; credo sia l’unico al mondo) <em>fogliatore…</em> 🍀</p><p>In pratica, <strong>ero qui di nuovo a voler <em>stampare fogli con grafichine personalizzate</em></strong>, <a href="https://octospacc.altervista.org/2024/11/30/il-protodernino/" rel="nofollow noopener" target="_blank">come mostrai qualche altra volta</a>, ma il solo pensiero di dovermi ancora mettere a fare tutta quella roba strana in programmi tipo Office (di qualsiasi vendor; io uso Libre, ma non cambia) — assolutamente <em>non</em> fatti per questo tipo di cose, nonostante <em>stranamente</em> usati da tutti per questo tipo di cose — piazzando nei bordi le immagini, poi le righe, e infine non ne parliamo di layout un pochino più complessi… <strong>mi fa venire subito la nausea e dunque addio alle intenzioni spassose</strong>. Ovviamente, come all’assoluto solito, <em>sono una ragazza magica</em>, e quindi, <strong>piuttosto che avvilirmi, è spuntato fuori il momento di mettermi all’opera, con la programmazione…</strong> e questa qui è la primissima versione abbastanza utilizzabile da essere pubblicata, gnam! 🥰</p><p>Ho avuto <em>rubamenti di tempo</em> vari adesso eh, quindi ci ho messo <em>qualche giorno in più</em> che normalmente non avrei impiegato per arrivare al punto di <strong>qualcosa che già mi sta essendo di enorme utilità</strong>, ma la app per ora è ancora abbastanza semplice, <em>pure se non sembra…</em> Ci sono tanti controlli a schermo, si, e <strong>si possono già creare infiniti layout sfiziosi semplicemente maneggiando con questi form</strong>, certo, però questo ancora non è niente rispetto a quello che potrebbe essere… neanche il tempo <em>di saltellare</em> per i progressi già fatti finora, infatti, e già sento la mancanza di una gestione multi-pagina, o di più preset di stile impostabili, ma vedrò di adoperarmi man mano che le necessità spunteranno fuori (a me, <em>o ad altri… vi scongiuro, apprezzate il mio lavoro cartiaco…</em>) 😳</p><p>Io invito come sempre a <em>provare per credere</em> (e sennò che cazzo li metto online a fare i miei <em><code>tool</code></em>…), ma in buona sostanza questo è come funziona la app: sfruttando non casualmente, ma proprio esattamente (cioè, usare altro di base mi avrebbe richiesto infinitamente più lavoro), <strong>le funzioni di layout intrinseche della piattaforma web</strong> (il CSS, bono!), <strong>permette di gestire dei livelli</strong> (che nella pagina sono non altro che elementi HTML con applicati particolari stili), che sono definiti da immagini caricabili o pattern preprogrammati (come codici SVG), e sono <strong>personalizzabili in una marea di criteri tra cui dimensioni, spaziature, slittamenti</strong>, e per i pattern cose come <strong>spessore del tratto, colori e <em>vattelappesca</em></strong> — tutto impostabile precisamente, e altamente <em>risminchiabile</em>, senza scrivere codice! 😜</p><p>Qui, <strong>per esempio, ho creato due diversi <em>papielli</em></strong> (ovviamente stampabili, <em>e che goduria</em>) per provare un po’ il tutto: <strong>il primo, a righe azzurre spaziate a 8mm e con una decorazione di Sailor Moon</strong> in basso a destra (dimensionata in modo ideale per l’A5, ma ovviamente modificabile); ed <strong>il secondo, con una griglia a puntini di 10mm decorata ogni 4 con dei <em>cuoricini</em>…</strong> ed entrambi usano solo due livelli, quindi <strong><em>si può fare solo di meglio</em></strong>. Questi esempi, ed eventualmente altri che creerò, li ho salvati in JSON con l’apposita funzione del menu in-app, e chiunque voglia usarli può semplicemente caricarli nell’applicazione, sono scaricabili qui: <a href="https://memos.octt.eu.org/m/gnwNvbS4zvQXRRE5x29g8k" rel="nofollow noopener" target="_blank">https://memos.octt.eu.org/m/gnwNvbS4zvQXRRE5x29g8k</a>. 💖</p><p>Un bonus per me, per concludere, è che ho notato che <strong>sui browser web mobile questa app funziona <em>a metà…</em></strong> e detto così sembra qualcosa di negativo, ma io ero partita dal presupposto che la UI di questa app dovesse essere così intricata da essere virtualmente inutilizzabile su smartphone; quindi, scoprire che in realtà si riesce realisticamente ad usare (forse anche grazie al fatto che il pannello delle opzioni si può restringere, e viceversa quello dell’anteprima) mi fa piacere. Il problema tuttavia è che, sia da Firefox che da Chromium, su Android (almeno, sul mio Xiaomi del cazzo…), l’esportazione su PDF o in stampa è rotta, e la pagina esce vuota… quindi poi dovrò usare qualche libreria JavaScript strana per esportare dal lato del mio codice, anziché delegare al browser, che abbiamo capito fa cagare. Una cosa comunque è certa: con tutte queste caselle di input, slider per i numeri, ed alcune opzioni forse relativamente criptiche, <strong><em>non</em> è un software adatto agli <em>utonti</em> deboli di cuore… ma, il suo lo fa <em>al top</em></strong> (<em>credo</em>). 😺</p><p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://octospacc.altervista.org/tag/webapp/" target="_blank">#webapp</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://octospacc.altervista.org/tag/tool/" target="_blank">#tool</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://octospacc.altervista.org/tag/design/" target="_blank">#design</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://octospacc.altervista.org/tag/papiellify/" target="_blank">#Papiellify</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://octospacc.altervista.org/tag/paper/" target="_blank">#paper</a></p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/blue_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blue_team</span></a> <a href="https://mastodon.ml/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>FuncVul работает в четыре этапа: </p><p>- код разбивается на логические фрагменты (chunks) внутри функций,<br>- используется LLM для автоматической генерации меток, в том числе для множественных уязвимостей в одной функции,<br>- применяется GraphCodeBERT, дообученный на этих chunk-метках,<br>- на финальном этапе модель классифицирует уязвимые части.</p><p>Заявленная точность: средняя 87–92% и F1-score от 86% до 92% на всех датасетах. Кроме того, авторы утверждают, что модель дает прирост точности на 53,9% и F1-score на 42% по сравнению с прогнозом уязвимостей на уровне полной функции.</p><p>🔗 Подробности (<a href="https://arxiv.org/abs/2506.19453" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/abs/2506.19453</span><span class="invisible"></span></a>) + GitHub (<a href="https://github.com/sajalhalder/FuncVul" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/sajalhalder/FuncVul</span><span class="invisible"></span></a>).</p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/blue_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blue_team</span></a> <a href="https://mastodon.ml/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>FuncVul — кастомная модель обнаружения уязвимостей на уровне функций с использованием LLM и фрагментов кода</p><p>статья на arXiv FuncVul: An Effective Function Level Vulnerability Detection Model using LLM and Code Chunk - описание весьма занятного инструмента. Ручная работа с LLM позволяет добиться адекватных результатов в поисках уязвимостей в коде.</p><p>Судя по материалу, FuncVul использует подход с выделением фрагментов кода (code chunks) внутри функций на C/C++ и Python и на них обучает модель на основе GraphCodeBERT. Это позволяет быстрее локализовать конкретные уязвимые участки, находить несколько слабых мест внутри одной функции и повысить точность по сравнению со стандартным анализом целых функций.</p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/red_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>red_team</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>MessageBoxInjection (<a href="https://ghostline.neocities.org/MessageBoxInjection/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ghostline.neocities.org/Messag</span><span class="invisible">eBoxInjection/</span></a>) — нестандартный способ внедрения shellcode через API вызов MessageBoxIndirectA. Используя структуру MSGBOXPARAMSW, злоумышленник помещает указатель на свой shellcode в поле lpszIcon, направляет адрес и функцию обратного вызова lpfnMsgBoxCallback к этому коду, помечает память как выполняемую и запускает MessageBox, в результате чего shellcode выполняется на пользовательской машине при простом отображении диалогового окна.</p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/red_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>red_team</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>From cheap IoT toy to your smartphone (<a href="https://www.synacktiv.com/en/publications/from-cheap-iot-toy-to-your-smartphone-getting-rce-by-leveraging-a-companion-app.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">synacktiv.com/en/publications/</span><span class="invisible">from-cheap-iot-toy-to-your-smartphone-getting-rce-by-leveraging-a-companion-app.html</span></a>) — уязвимость в companion‑приложении дешевой IoT‑игрушки может привести к RCE на смартфоне. Мобильное приложение для управления подобными устройствами не защищено. Та же сеть или MitM - отправка на телефон команды под видом запросов к игрушке.</p><p>LDAPWordlistHarvester (<a href="https://github.com/TheManticoreProject/LDAPWordlistHarvester" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/TheManticoreProject</span><span class="invisible">/LDAPWordlistHarvester</span></a>) — извлечение из Active Directory LDAP-структур целевых словарей, составленных с учётом конкретных данных пользователей (имен, атрибутов и т.п. - кастомизированные wordlist-ы для атак на пароли) — гораздо эффективнее чем общие словари.</p>
Who Let The Dogs Out 🐾<p><a href="https://mastodon.ml/tags/red_team" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>red_team</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a></p><p>Turn Trash URLs into Gold Wordlists with haklistgen (<a href="https://medium.com/@hacker_might/turn-trash-urls-into-gold-wordlists-with-haklistgen-even-your-ex-cant-ignore-this-2692194ff8e6" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/@hacker_might/turn-</span><span class="invisible">trash-urls-into-gold-wordlists-with-haklistgen-even-your-ex-cant-ignore-this-2692194ff8e6</span></a>) — как с инструментом haklistgen превратить любые «мусорные» URL-адреса и текст в ценные пользовательские wordlists для нагрузочного тестирования, баг-баунти и пентестов.</p><p>Mindmap от Orange CyberDefense по методологии пентеста Active Directory (AD) (<a href="https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">orange-cyberdefense.github.io/</span><span class="invisible">ocd-mindmaps/img/pentest_ad_dark_2022_11.svg</span></a>) — карта служит подробным руководством с демонстрацией этапов и методов тестирования на проникновение.</p><p>ShutdownRepo/dcshadow (<a href="https://github.com/ShutdownRepo/dcshadow" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/ShutdownRepo/dcshad</span><span class="invisible">ow</span></a>) — чисто Python-реализация техники Mimikatz lsadump::dcshadow, используемой для внедрения изменений в Active Directory (AD) путем манипуляции с репликацией контроллеров домена. Мощный метод, позволяющий скрытно внедрять изменения в AD, обходя стандартные механизмы аудита и мониторинга.</p>
Dummy-X 🇮🇹<p>👾 GPU Screen Recorder: La soluzione ideale per la registrazione dello schermo su Linux<br>Un registratore di schermo veloce ed efficiente con supporto per GPU e funzionalità avanzate...</p><p>👉 <a href="https://www.selectallfromdual.com/blog/1569" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">selectallfromdual.com/blog/1569</span><span class="invisible"></span></a></p><p> :speech_balloon: <span class="h-card" translate="no"><a href="https://diggita.com/c/linux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>linux</span></a></span></p><p><a href="https://mastodon.uno/tags/flatpak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>flatpak</span></a> <a href="https://mastodon.uno/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.uno/tags/registrareschermo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>registrareschermo</span></a> <a href="https://mastodon.uno/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.uno/tags/toolperlinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>toolperlinux</span></a> <a href="https://mastodon.uno/tags/UnoLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UnoLinux</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload