pocorgtfo VS Judge0 API

Your best bet here is to get the base address nailed down (assuming it’s a flat/monolithic image). There are a handful of utilities floating around (binbloom, basefind2) that use various pointer heuristics to try to guess the base address. There’s also a nice trick detailed in PoC||GTFO that you can use pretty reliably.

execute the pdf: https://github.com/angea/pocorgtfo

1) People systematically underestimate how easy it is to create collisions that still do something "interesting", like being polyglots. See PoC||GTFO, specifically anything by Ange Albertini, for examples; grep https://github.com/angea/pocorgtfo/blob/master/README.md for "MD5".

1bis) You can use an existing collision to create new collisions. People seem to think you need to generate all the work again from scratch.

1cis) The files do not need to be gigantic.

2) You can do the collision in advance, and publish the malicious version later. What it accomplishes is that the concept of "this Git hash unambiguously specifies a revision" no longer works, and one of them can be malicious.

3) The standard should be "obviously safe beyond a reasonable doubt", not "not obviously unsafe to a non-expert". By the latter standard, pretty much any random encryption construction is fine.

If you want to learn more how these things work I'd highly suggest going through the PoC||GTFO archive (https://github.com/angea/pocorgtfo/blob/master/README.md) and check out entries by Ange Albertini or entries named like "This ZIP is also a PDF".

There are services like Judge0 which you can use to execute the code in a sandbox. Just send a code as a string and get a result back. You can either use their cloud offering or deploy the container yourself (it is opensource). https://github.com/judge0/judge0

I'm trying to run a local version of the Judge0 compiler, but I can't seem to access it.

I have a front-end app which exposes a code editor where the user can provide some code and it will be compiled and executed using judge0 (so not on my server). I would like to be able to save the code created by a user, but I'm not sure of the best route to do this. My initial thought was to save the code as a string in a database, passing through my back-end which could potentially have some sanitizing methods to try and minimize any danger with this. However, I'm not sure how practical/feasible it is to try and sanitize code - has anyone attempted to do this previously or have experience in this domain?

You can deploy Judge0 Extra CE on your own servers for free. Here are the release notes that include the deployment procedure.

https://judge0.com/ to run the code, you can can host it on your server for free or use their api.

A signal gets called which gets sent over Django Channels (but you can probably use an mq or something for this) which notifies a microservice that is responsible for sending and receiving submissions to an instance of https://judge0.com/

wget https://github.com/judge0/judge0/releases/download/v1.12.0/judge0-v1.12.0.zip unzip judge0-v1.12.0.zip