MSRC-Security-Research
PowerShell
MSRC-Security-Research | PowerShell | |
---|---|---|
9 | 397 | |
1,292 | 43,400 | |
0.4% | 0.7% | |
5.1 | 9.6 | |
7 months ago | 3 days ago | |
Python | C# | |
Creative Commons Attribution 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MSRC-Security-Research
-
A reactionary take on memory safety
You’ll find more primary sources across different organizations that all arrive at the 60 - 70% number. But what really grinds my gears here is that you take a piece from the article you’re criticizing and pretend that it’s a quote from Matt Miller.
It’s actually quite easy to find a primary source here because the slides from the talk that the article is based on are available: https://github.com/microsoft/MSRC-Security-Research/blob/mas...
To quote from those slides: „~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues“.
-
Zig and Rust
> It's still bizarre though that Rust is capturing such ridiculous mindshare.
I don't think it's that bizarre. The two big headline features that bring Rust such popularity are: #1 "70% of bugs are memory-safety bugs" [1] and Rust can help solve those, and #2 C/C++ have a couple of package manager solutions - none of which have critical mass and Rust "comes with" cargo.
Those two make me really eager to continue experimenting with Rust.
> It seems to be a temporary low-level programming zeitgeist driven by YouTube and Reddit recommendation algorithms to an audience that has never done it and probably never will.
This is some weird gatekeep-y kinda thing. Most of us didn't start out with low-level programming. Wouldn't it have been odd and frustrating for someone to tell your younger self that you have "never written C and probably never will"?
[1] https://github.com/microsoft/MSRC-Security-Research
-
Will Carbon Replace C++?
https://github.com/microsoft/MSRC-Security-Research/blob/mas...
- How CastGuard Works [BHUSA 2022]
-
Arm releases experimental CHERI-enabled Morello board
Windows is likely a big task for the same reasons as SMAP (https://github.com/microsoft/MSRC-Security-Research/blob/mas...). XNU should be comparable to FreeBSD, which CheriBSD is a fork of, as both use Mach's VM for memory management and have a bunch of shared code in various places, but userspace is more of an unknown quite how much effort it'd be (you'll need to port Objective-C and, now, Swift, for example). For Chromium we have ported WebKit, so I'd imagine Blink isn't too dissimilar. V8 is likely interesting, though we have a version of WebKit's JSC JIT for Morello, which gives confidence in V8 being doable.
- Security Analysis of CHERI ISA
- Security Analysis of Cheri ISA [pdf]
-
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
A related post from Google Security Blog[0]:
> "A recent study[1] found that "~70% of the vulnerabilities addressed through a security update each year continue to be memory safety issues.” Another analysis on security issues in the ubiquitous `curl` command line tool showed that 53 out of 95 bugs would have been completely prevented by using a memory-safe language. [...]"
[0]: https://security.googleblog.com/2021/02/mitigating-memory-sa...
[1]: https://github.com/Microsoft/MSRC-Security-Research/blob/mas...
-
Rust for Windows
Here is some of the internal advocacy going on at Microsoft.
- Managed languages if you can afford a GC
- Rust
- C++ with Core Guidelines
https://github.com/microsoft/MSRC-Security-Research/tree/mas...
Note that there are still some teams like Azure Sphere and Azure RTOS, which are only providing C based SDKs, so no everyone is on the same wave length.
PowerShell
-
PowerBI: déployer une passerelle sur AWS pour $0.12/j
msiexec.exe /package https://github.com/PowerShell/PowerShell/releases/download/v7.2.6/PowerShell-7.2.6-win-x64.msi /quiet ADD_EXPLORER_CONTEXT_MENU_OPENPOWERSHELL=1 ADD_FILE_CONTEXT_MENU_RUNPOWERSHELL=1 ENABLE_PSREMOTING=1 REGISTER_MANIFEST=1 USE_MU=1 ENABLE_MU=1 ADD_PATH=1
-
Sudo for Windows
This smells like when PowerShell aliased curl and wget to a completely different command, with incompatible arguments.
https://github.com/PowerShell/PowerShell/pull/1901
-
Gooey: Turn almost any Python command line program into a full GUI application
PowerShell is available on macOS and Linux as well (source on Github: https://github.com/PowerShell/PowerShell). It may not be as well-integrated with things like system services management, but the language still works well. You can still use all the command line tools you're used to on Linux, of course.
nushell does look interesting, though the lack of a .deb repository does put it pretty low on my to-do list.
-
3 lines of code don't understand the results.
Issue #7940 discusses potential improvements to array slicing.
- Task Scheduler -windowstyle hidden / minimized
-
Just messing around with arrays and efficiency in PS, thought I'd share
Note: This can be problematic as it prevents upstream commands from running their end {} block. See here. The new clean {} block introduced in PowerShell v7.3 does not suffer from this issue.
-
Jaq – A jq clone focused on correctness, speed, and simplicity
Can you give an example of something that PS can do that is built-in for text processing, instead of a proprietary symbolic query language?
[1] https://github.com/PowerShell/PowerShell
-
The bash book to rule them all
https://github.com/PowerShell/PowerShell/blob/master/LICENSE... is the MIT license. (Microsoft supplies debs directly which may reduce the motivation for Debian to do so.)
Oh, heh, also https://github.com/PowerShell/PowerShell/blob/master/docs/bu... the build script is written in PowerShell, so there's a bootstrapping problem :-) (Debian has solved those before of course, but with community sentiment like the above maybe noone is motivated to bother.)
- Did Reddit just denylist all IPs?
-
Register-ArgumentCompleter: how to fall back to file completion when completing a flag such as "--foo="
According to https://github.com/PowerShell/PowerShell/issues/19628, the default behaviour is invoked whenever the completion script returns no output. To attempt to do so, I tried exiting the script via returning an empty string, or using the return keyword to exit the script completely, unfortunately with no avail. Is there a technique to achieve what I want, and is there any documentation about it other than the official one? Thank you in advance.
What are some alternatives?
rust-zmq - Rust zeromq bindings.
nushell - A new type of shell
wuffs - Wrangling Untrusted File Formats Safely
winpty - A Windows software package providing an interface similar to a Unix pty-master for communicating with Windows console programs.
windows-rs - Rust for Windows
Windows Terminal - The new Windows Terminal and the original Windows console host, all in the same place!
Cargo - The Rust package manager
WFinfo - :computer: A fissure Companion App for Warframe
winapi-rs - Rust bindings to Windows API
PowerToys - Windows system utilities to maximize productivity
core-foundation-rs - Rust bindings to Core Foundation and other low level libraries on Mac OS X and iOS
ShellCheck - ShellCheck, a static analysis tool for shell scripts