public-pentesting-reports
JDK
public-pentesting-reports | JDK | |
---|---|---|
27 | 193 | |
8,113 | 18,484 | |
- | 1.6% | |
5.3 | 10.0 | |
27 days ago | 5 days ago | |
HTML | Java | |
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
public-pentesting-reports
-
Yet another eCPPTv2 Review
You might find https://github.com/juliocesarfort/public-pentesting-reports repository useful if you need to see how reports are generally structured and written.
-
Reporting question
As for templates, to be honest, I haven't come across many templates floating around. You could look through public pentest reports (https://github.com/juliocesarfort/public-pentesting-reports) and borrow the bits that you prefer and drop them into TCM's template and make it your own.
-
Redteam sanitized report
I know of this site https://redteam.guide/docs/Templates/report_template/ which for me is down but maybe that is temporary, otherwise seek the cached or wayback version. There are also these https://github.com/juliocesarfort/public-pentesting-reports which are pentesting reports but you may find a number that are more about red teaming or have elements of red teaming which you can refer to.
-
Wanting to get into to security
A repository of pentest reports. Writing reports is the most important component of pentesting and redteaming. A pentester who cannot explain what they did, what they found and what the recipient should do to fix their issues is of limited value.
- Penetration testing reports
-
Information to include when writing a Pentesting Report
If you're anything like me, examples help tremendously and so: https://github.com/juliocesarfort/public-pentesting-reports
-
What is a good way to evaluate a pentesting agency?
For good examples, look here. I'd do a test with most of the firms on that list.
- I need help with a pentest report :(
- How often do you communicate with non-technical people in this field?
-
Log4j: The Pain Just Keeps Going and Going
I'd say don't let yourself be discouraged by GP. Just look into a company before you apply. Many have public reports you could look at or security research they publish, both of which you could use as indicators.
Here's a repo with lots of public audit reports by various companies, you could use that as a starting point: https://github.com/juliocesarfort/public-pentesting-reports
JDK
- Intel submitted OpenJDK PRs for supporting new 64 bit general purpose registers
-
Show HN: I Built a Java IDE for iPad
I felt out of the loop, thinking that Zero VM was some kind of new distro for OpenJDK but chasing <https://packages.debian.org/sid/openjdk-22-jre-zero#:~:text=...> to <https://sources.debian.org/src/openjdk-11/11.0.23%2B9-1/debi...> lead me to https://github.com/openjdk/jdk/tree/jdk-22-ga/src/hotspot/cp...
It seems that it's a specific CPU target for the Hotspot JIT for non-mainstream architectures (or for research purposes, as I saw mentioned once)
- JEP draft: Exception handling in switch
-
Java 23: The New Features Are Officially Announced
Completely gutted from the OpenJDK, last I checked. See here for the culprit PR: https://github.com/openjdk/jdk/pull/18688
-
macOS 14.4 might break Java on your machine
> Yes, they're changing one aspect of signal handler use to work around this problem. They're not stopping the use of signal handlers in general. Hotspot continues to use signals for efficiency in general. See https://github.com/openjdk/jdk/blob/9059727df135dc90311bd476...
This whole thread is about SIGSEGV, and specifically their SIGSEGV handling. However, catching normal signals is not about efficiency.
Some of their exception handling is still odd: There is no reason for a program that receives SIGILL to ever attempt continuing. But others is fine, like catching SIGFPE to just forward an exception to the calling code.
(Sure, you could construct an argument to say that this is for efficiency if you considered the alternative to be implementing floating point in software so that all exceptions exist in user-space, but hardware floating point is the norm and such alternative would be wholly unreasonable.)
> The wonderful thing about choosing not to care about facts is having whatever opinions you want.
I appreciate the irony of you making such statement, proudly thinking that your opinion equals fact, and therefore any other opinion is not.
This discussion is nothing but subjective opinion vs. subjective opinion. Facts are (hopefully, as I can only speak for myself) inputs to both our opinions, but no opinion about "good" or "bad", "nasty" or not can ever be objective. Objective code quality does not exist.
-
The Return of the Frame Pointers
I remember talking to Brendan about the PreserveFramePointer patch during my first months at Netflix in 2015. As of JDK 21, unfortunately it is no longer a general purpose solution for the JVM, because it prevents a fast path being taken for stack thawing for virtual threads: https://github.com/openjdk/jdk/blob/d32ce65781c1d7815a69ceac...
- JDK-8180450: secondary_super_cache does not scale well
- The One Billion Row Challenge
- AVX2 intrinsics for Arrays.sort methods (int, float arrays)
- A gentle introduction to two's complement
What are some alternatives?
OSCP-Exam-Report-Template-Markdown - :orange_book: Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report
Graal - GraalVM compiles Java applications into native executables that start instantly, scale fast, and use fewer compute resources 🚀
CherryTree - cherrytree
aircraft - The A32NX & A380X Project are community driven open source projects to create free Airbus aircraft in Microsoft Flight Simulator that are as close to reality as possible.
writehat - A pentest reporting tool written in Python. Free yourself from Microsoft Word.
steam-runtime - A runtime environment for Steam applications
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
OkHttp - Square’s meticulous HTTP client for the JVM, Android, and GraalVM.
tmux-logging - Easy logging and screen capturing for Tmux.
kitten - A statically typed concatenative systems programming language.
Serpico - SimplE RePort wrIting and COllaboration tool
intellij-community - IntelliJ IDEA Community Edition & IntelliJ Platform