Weekly Digest #35
Articles
Playing games with an attacker: how I messed with someone trying to breach the CryptoWall tracker
The author tells a story of how he tries to uncover the attacker through fake websites, fake SQL dump and Tor exit nodes
Never a dill moment: Exploiting machine learning pickle files
The PM(Pickle Machine) contains two opcodes that can execute arbitrary Python code outside of the PM, pushing the result onto the PM’s stack: GLOBALand REDUCE.
GLOBAL is used to import a Python module or class, and REDUCE is used to apply a set of arguments to a callable, typically previously imported through GLOBAL.
Loading pickle file can result in malicious program to execute. We can use flicking to detect this
Tutorials
Interactive Deep Learning Book with Multi-Framework Code, Math, and Discussions
Tools
profile-summary-for-github (vue + kotlin)
Off-topic
https://git-history.jpalmer.dev/
A visualisation of the commit history in git
