pocorgtfo
gitlab
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pocorgtfo
-
MIPS Firmware Reverse Engineering - anyone having any success using Ghidra for this?
Your best bet here is to get the base address nailed down (assuming it’s a flat/monolithic image). There are a handful of utilities floating around (binbloom, basefind2) that use various pointer heuristics to try to guess the base address. There’s also a nice trick detailed in PoC||GTFO that you can use pretty reliably.
- Image displays its own MD5 hash
- Gitlab servers are being exploited in DDoS attacks in excess of 1 Tbps
-
smh dumb antivirus software
execute the pdf: https://github.com/angea/pocorgtfo
-
SHA-1 'Fully and Practically Broken' by New Collision
1) People systematically underestimate how easy it is to create collisions that still do something "interesting", like being polyglots. See PoC||GTFO, specifically anything by Ange Albertini, for examples; grep https://github.com/angea/pocorgtfo/blob/master/README.md for "MD5".
1bis) You can use an existing collision to create new collisions. People seem to think you need to generate all the work again from scratch.
1cis) The files do not need to be gigantic.
2) You can do the collision in advance, and publish the malicious version later. What it accomplishes is that the concept of "this Git hash unambiguously specifies a revision" no longer works, and one of them can be malicious.
3) The standard should be "obviously safe beyond a reasonable doubt", not "not obviously unsafe to a non-expert". By the latter standard, pretty much any random encryption construction is fine.
-
Show HN: Redbean: single-file distributable web server
If you want to learn more how these things work I'd highly suggest going through the PoC||GTFO archive (https://github.com/angea/pocorgtfo/blob/master/README.md) and check out entries by Ange Albertini or entries named like "This ZIP is also a PDF".
gitlab
-
Gitlab Duo
Since the relevant code appears to be in the "ee" directory <https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.0-ee/ee/l...> and is not present in the foss repo, I'm guessing the answer is no, at least for now. They do have a history of "releasing" features from EE back to CE but my suspicion is not for LLM stuff
- Code Search Is Hard
- XZ Backdoor Investigation Request to Gitlab Team
-
Client side Git hooks 101
(Side note: Issues are usually hash-prefixed like #1234 both on GitLab and GitHub. However, commit messages must not begin with a hash, they would be considered a comment and ignored. Therefore, GitHub has introduced the alternative prefix GH- and I've contributed a similar prefix GL- to GitLab a while ago.)
- Assign Issue to an AI Developer
-
BuildKit in depth: Docker's build engine explained
and its "oh, you want multi-arch, do you?" friend. While prosecuting this <https://gitlab.com/gitlab-org/gitlab/-/issues/339567> I learned that https://hub.docker.com/layers/multiarch/qemu-user-static/7.2... actually mutates the binfmt_misc in buildx's context in order to exec the static copy of qemu in it https://github.com/multiarch/qemu-user-static/blob/v7.2.0-1/...
and, that the buildx plugin itself has some qemu magick in it, which got addressed in a minor version bump but I couldn't track down the relevant GitHub issue this second (I've flushed it from my mind, only recalling that there were a lot of actors in that tire fire)
-
Gitlab password reset bug leaves more than 5.3K servers up for grabs
This is actually a follow-up refactor, the fix is here: https://gitlab.com/gitlab-org/gitlab/-/commit/abe79e4ec43798...
- ExifTool CVE-2021-22204 – Arbitrary Code Execution
- Critical Gitlab vulnerability exposes 2FA-less users to account takeovers
- Upcoming critical Gitlab security issue
What are some alternatives?
gitlab-workhorse
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
polyshell - A Bash/Batch/PowerShell polyglot!
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
exiftool - ExifTool meta information reader/writer
onedev - Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
RedBean - ORM layer that creates models, config and database on the fly
rich-markdown-editor - The open source React and Prosemirror based markdown editor that powers Outline. Want to try it out? Create an account:
Judge0 API - 🔥 The most advanced open-source online code execution system in the world.
gitlab-foss
sha1collisiondetection - Library and command line tool to detect SHA-1 collision in a file
chatwoot - Open-source live-chat, email support, omni-channel desk. An alternative to Intercom, Zendesk, Salesforce Service Cloud etc. 🔥💬