blog.leafsr.com
Leaf Security Research | Independent Security ConsultingIndependent Security Consulting
http://blog.leafsr.com/
Independent Security Consulting
http://blog.leafsr.com/
TODAY'S RATING
>1,000,000
Date Range
HIGHEST TRAFFIC ON
Monday
LOAD TIME
5 seconds
16x16
32x32
PAGES IN
THIS WEBSITE
19
SSL
EXTERNAL LINKS
44
SITE IP
192.0.78.12
LOAD TIME
5.049 sec
SCORE
6.2
Leaf Security Research | Independent Security Consulting | blog.leafsr.com Reviews
https://blog.leafsr.com
Independent Security Consulting
blog.leafsr.com
December | 2013 | Leaf Security Research
http://blog.leafsr.com/2013/12
Monthly Archives: December 2013. Microsoft has taken a more proactive security stance in its developer toolchain since the inception of its SDLC in the mid-2000’s. One of the earlier steps their SDLC used to reduce vulnerable code was to introduce a header file named banned.h. What this header file does is use an MSVC pragma to deprecate functions. Even today in 2013 much of the legacy software that is still critical to many enterprises contains code that calls these vulnerable library functions. Des...
We’re moving! | Leaf Security Research
http://blog.leafsr.com/2014/07/25/were-moving
We’ve got some exciting news to announce today: Doug DePerry and I are moving over to join the security team at Yahoo. We’ve known Alex Stamos, VP for Information Security at Yahoo, for quite some time. We first met Alex through the security community and greatly admire the efforts he and his team are making to ensure the security of Yahoo’s 800M users globally. July 25th, 2014. This entry was posted in Uncategorized. July 25, 2014. Leave a Reply Cancel reply. Enter your comment here.
Google Native Client – Attack Surface and Vulnerabilities (Part 4) | Leaf Security Research
http://blog.leafsr.com/2012/09/google-native-client-attack-surface-and.html
Google Native Client – Attack Surface and Vulnerabilities (Part 4). In our last post we took a look at the NaCl Pepper Proxy. And protocols used to communicate between trusted and untrusted components. If you’re looking for a deeper reference please see the full BlackHat 2012 white paper on the LeafSR. In this final post we will take a look at the various attack surfaces present in NaCl and a few of the vulnerabilities I discovered in the pepper proxy. In general we find attack surface anywhere trusted c...
March | 2014 | Leaf Security Research
http://blog.leafsr.com/2014/03
Monthly Archives: March 2014. Training At Black Hat USA 2014. Once again we will be delivering our ‘ Advanced C/C Source Code Analysis. 8216; course at this years Black Hat USA event. This isn’t a secure coding class, and we don’t cover. This entry was posted in Uncategorized. March 25, 2014. My heart is ok, but my eyes are bleeding. Training At Black Hat USA 2014. BlackHat WebCast: C/C AppSec In 2014. Blog at WordPress.com. Blog at WordPress.com.
Comparing ASM.js and NaCl | Leaf Security Research
http://blog.leafsr.com/2013/06/03/comparing-asm-js-and-nacl
Comparing ASM.js and NaCl. OK so I am a few months late to the ASM.js / Native Client (NaCl) debate. Thats OK because most of what has been said so far that compares them is terrible. If you’re unfamiliar with either technology then please see this. First or this post won’t make much sense. The two competing technologies have a similar goal: to bring native code to the web. But they both approach solving this problem in very different ways. Whats the problem with the web in its current form? Times before...
TOTAL PAGES IN THIS WEBSITE
19
C-skills: July 2014
http://c-skills.blogspot.com/2014_07_01_archive.html
Monday, July 7, 2014. Lets have a look on how our traffic is XKey-scored and whether. Its done with efficiency. Seems to be some kind of mangled-C , just like. A lot of C/C -based languages exist for big/parallel. CUDA or other parallelizing extensions). Given that, DB. Is obviously some kind of nested std: map. Apparently of a derived. Type, as can be seen by the apply(). Member which is not part of a STL map. Its probably not a multimap. Either, as denoted. Assignments are not possible. It gets to DB["...
C-skills: lophttpd fucks the POODLE
http://c-skills.blogspot.com/2014/10/lophttpd-fucks-poodle.html
Thursday, October 30, 2014. Lophttpd fucks the POODLE. Not just because they are ugly but also because lophttpd. Never was affected by POODLE, since SSLv3. Disabled for a reason in favor of TLSv1. I think about dropping. Too and just allowing TLSv1.1. To my knowledge lophttpd. Is also the first webserver. I also added SO REUSEPORT. Support today, since Google. That when handling c10k, their processes. Are un-evenly distributed across the cores (what the hell. Are they doing there? Only happen when the.
C-skills: troubleshooter trickery
http://c-skills.blogspot.com/2015/03/troubleshooter-trickery.html
Wednesday, March 25, 2015. Demo of SELinux disable on a Fedora 21 default desktop. A full writeup can be found here. Subscribe to: Post Comments (Atom). Jeffrey carr on cyberwar. My dear Mr. Esser. A Sun Engineer's blog. Xorl %eax, %eax. Miguel de Icaza's blog. Disclaimer: This is my personal and private weblog. The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer. View my complete profile.
C-skills: December 2014
http://c-skills.blogspot.com/2014_12_01_archive.html
Friday, December 19, 2014. QI for the win. Now that we officially know that 3G can be broken and that. It makes sense to place particular (passive) hardware on the. Roof top of embassies (the cellar is already stuffed with. Torture equipment and you have better gain at the roof),. Here was correct. In particular the. Last paragraph should be repeated, as you can start sending. Before the victim packet is even close to the. Target if you just captured the SYN packet on air. Thursday, December 11, 2014.
C-skills: C++11 bailout trickery
http://c-skills.blogspot.com/2015/04/c11-bailout-trickery.html
Thursday, April 23, 2015. C 11 bailout trickery. Is someone C 11 guru enough to make a statement whether. The following C 11 code is correct? Whats happening on line 24, as the lambda should not. Harvest the memory structures (scope? To me, everything looks OK. If thats the case, it would ease. Cleanup routines on error returns from functions. Please leave a comment. For the arrays s you could instead use:. Unique ptr s[1000];. Std: fstream file{/etc/passwd, ios base: in};. April 23, 2015 at 8:30 AM.
C-skills: May 2015
http://c-skills.blogspot.com/2015_05_01_archive.html
Thursday, May 21, 2015. Now, that the TURMOIL slides make sense. I adjusted my own. Projects. The good news is that I always used to generate. Unique DH params (I wonder so many ppl apparently didnt -. There is no real benefit to use hard coded values, except to Eve! In my projects during or before build. So it should be. Quite hard for a N. Dversary to break that. I removed 512 and 1024 bit DH params. Support and use 2048bit instead. opmsg. 2048bit (and higher), but the default was 1024. So I changed.
C-skills: January 2015
http://c-skills.blogspot.com/2015_01_01_archive.html
Thursday, January 8, 2015. In the last post I promised to stop threat analyzing. So here. Is some dev again which I already started developing back. In 2014 and where I finally found some time to finish. Its a small U2F stack. With the APDU framing code based. On Googles U2F reference code. After reviewing a lot of other. I found this reference code comprehensive enough to. Be usable for myself and for PAM code. It also builds on Darwin, but I didnt have time to test it. Subscribe to: Posts (Atom).
C-skills: sshttp tproxy trickery
http://c-skills.blogspot.com/2014/12/sshttp-tproxy-trickery.html
Thursday, December 11, 2014. To allow muxing of HTTP(S)/SSH. To whole subnets. Until recently, the setup was. Per single host. Now you can run it via -T. Gateway and Layer5-switch your whole internal net. Just found your sshttp project on github and just wanted to ask if you are aware of sslh. January 29, 2015 at 3:21 AM. Yep If I remember correctly. Sshl ported the transparent support. After sshttp came up with it. January 29, 2015 at 4:01 AM. Subscribe to: Post Comments (Atom). Jeffrey carr on cyberwar.
EM_386: Practical Malware Analysis Review
http://em386.blogspot.com/2012/04/practical-malware-analysis-review.html
The Leaf SR blog. Thursday, April 12, 2012. Practical Malware Analysis Review. I recently finished my review copy of 'Practical Malware Analysis'. I enjoyed this book for a few reasons. Each chapter concludes with some simple questions/labs to test your knowledge and give you a chance at some hands on experience related to the content you just read. If you analyze malware for a living or are just looking to understand how software reverse engineering works then you won't regret buying this book.
EM_386: January 2009
http://em386.blogspot.com/2009_01_01_archive.html
The Leaf SR blog. Thursday, January 08, 2009. It's been awhile since I have posted. This blog is up to almost 500 subscribers somehow. I posted a new project. It's still beta quality and there are definitely a few bugs. I hope you find it useful. Update: Posted Leaf-0.0.10.tar.gz at http:/ leaf-re.googlecode.com It now uses udis86. Lots of work still to do, but its a start. Subscribe to: Posts (Atom). My name is Chris Rohlf. This blog is dead. I now blog at Leaf SR.
TOTAL LINKS TO THIS WEBSITE
44
leafnode.pl
Oprogramowanie na Mac OS X. Firefox] Nowa zakładka w FF13 – jak wyłączyć. Szybkie wyszukiwanie dla dowolnej strony [Firefox]. Dokumentacja w jednym miejscu. Zmień WordPress w prywatnego Blipa/ Blimpa/ Twittera. Oprogramowanie na Mac OS X. Na żądanie publiczności publikuję wpis z listą oprogramowania na OS X, które wydaje mi się przydatne – kolejność losowa. W niektórych przypadkach na liście jest kilka alternatyw. 8211; Spotlight na sterydach ( kilka przykładów co można z nim zrobić. 8211; jak wyżej.
design inspiration
This blog is a place for me to share beautiful, well-designed things. By things I mean anything that catches my eye within a wide range of interests - art and architecture, fashion and jewelry, typography, useful household items, interior design, landscape design, photography. you get the idea. September 22, 2015. My friend since sophomore year English class, Laura, is due next month with a baby boy. Words cannot express how excited I am about this. New baby smell! It's really a win-win for me. I also ha...
The Leafseeker Blog – Recording & Restoring the Past
It seems we can’t find what you’re looking for. Perhaps searching can help.
/无间落叶
I am a leaf on the wind. 在游戏的开发过程中, 前期的规划 往往比 后期的 优化 更为重要. 本文使用 Cocos2d-3.0alpha1 版本,创建了一个 C 项目,介绍在 C 中,如何处理资源相关的内容,如果读者使用脚本,也可以参考本文中资源管理理念而忽略语言特性,你可以在 Github. Read more →. 在 Unix 文化中,有这样一种理念,Happy Hacking 使用 Cocos2d-x/C 写过一些游戏,其绑定的脚本语言,用的也不少,脚本语言的一个好处就是快速开发,你无需明白它之运行机理,便可容易的完成所想要的效果,三天上手,五天就能写出像样的程序来,C 则不然,其各种语言细节特性,各种开发技巧,内存管理等细枝末叶. 知或者不知 来自于你的学习历程与经验,至于 不懂 么,我还没接触到的领域内容,我都不懂,哈 Cocos2d-x 脚本引擎也用过一段时间了,但其运行机理还不明白,就使用而言也无需明白,不过于在意细节的实现,可能更好的从宏观角度把握整体。 过去只是对其 存疑 对于这里的 不懂 ,一叶通常美其名曰 要学会存疑. Read more →. 在 coc...
Leaf Solutions' Blog
Leaf Solutions' Blog. Skip to primary content. Skip to secondary content. National Family Week October 1-7, 2012 – The Grandparent Connection. October 4, 2012. This week has also cause me to reflect on my grandparents long past who snuggled with me as a child, laughed with me, taught me and loved me no matter what! I cherish them and know how vital that connection was to my growth as a person. For a list of FREE Family events in the Yukon see our Leaf Solutions. March 1, 2012. This year the Bravo award w...
Leaf Security Research | Independent Security Consulting
We’ve got some exciting news to announce today: Doug DePerry and I are moving over to join the security team at Yahoo. We’ve known Alex Stamos, VP for Information Security at Yahoo, for quite some time. We first met Alex through the security community and greatly admire the efforts he and his team are making to ensure the security of Yahoo’s 800M users globally. July 25th, 2014. This entry was posted in Uncategorized. July 25, 2014. Today we are announcing ‘ Secure Commit. We also understand that legacy ...
紅茶専門店リーフティ blog in松江
8月15日 土 、16日 日 は. 8月23日 日 、29日 土 は. Font size=3color=brown b 8月の営業について /b /font. Font size=3color=orange b ダージリンセカンドフラッシュ予約承ります。 Font size=3color=brown b 臨時営業時間について /b /font. Font size=3color=orange b 夏本番 /b /font. Font size=3color=brown b 通常営業致します /b /font. Font size=3color=brown b 本日通常営業致します。 C) 2015 無料ブログ JUGEM.
lost? or simply misguided » I dream amongst the stars; but wake beneath the sky
I dream amongst the stars; but wake beneath the sky. October 16th, 2013 by ben. My blog has been moved from www.leafwood.net to blog.leafwood.net. It’s not like anyone linked to my posts anyways, so it’s fine (but links should be correctly redirected). Oh yeah, I’m a college sophomore now. Hi! May 13th, 2013 by k. A more organized, larger cheating ring/scandal. More death threats against teachers. Actual violence against a teacher. A drug business primarily involving Adderall. July 24th, 2012 by ben.
リーフワークスBlog
Firefox 40.0以降でinput sizeが大きくなる原因と解決方法. 2015年8月11日にfirefox 40.0がリリースされ、 一部のWEBサイトでinputサイズが大きくなる問題が発生しているようです。 発生条件は、inputタグにfont-familyを指定していない、またはCS 続きを読む ». 具体的なデータを持っておくことで比較 検討がしやすく、 今後の学園祭に反映 続きを読む ». アンケートを行うことで、 お客様の属性 来店理由 有効な広告媒体 どのようなことを訴求すればよいのか など、 一度に情報を得ることができま 続きを読む ». アンケートを作成する前に知っておきたいことについては、 より良いイベント作りの為 効果的なアンケートの作り方 で紹介しています。 実際に、項目 続きを読む ». 近年では、スマートフォンの普 続きを読む ». Firefox 40.0以降でinput sizeが大きくなる原因と解決方法.
Leafy Code Blog
Hi, we are a team of SL based developers designing and developing web sites, complex web apps and more. On ruby on rails. How to Install Ruby on Rails 4 in Linux. Yesterday we talked about the advantages of using Ruby on Rails. After reading it, some of you might want to get started right away. So, today we are going to see how to install the latest version of Rails on a Linux machine. We will show you how to do…. On ruby on rails. Why I ditched PHP for Ruby on Rails. Welcome to Leafy Code! Page 1 of 1.
Leafypad | Handling Your Cash Flow as a Pro
Handling Your Cash Flow as a Pro. Siete Nuevas Reglas para Hablar en Público en la Era de Social Media. February 13, 2012. 1 No te apániques si no te están mirando. 2 Evitar la tentación de pedir una moratoria de dispositivos. 3 Si no estás nervioso, deberías estarlo. 4 Si no hablas el idioma de Twitter, es tiempo de aprender! Es posible que estés hablando con millones que no te pueden ver. 6 Los comentarios son en tiempo real. 7 Cuando todo falla, sorprende al público con honestidad. February 6, 2012.
SOCIAL ENGAGEMENT