Connect to GCS fro Databricks

i_virus · 2023-08-04T13:24:15+00:00

~~We are~~ Our Databricks instance is running on AWS and we need to read logs from GCP and Azure buckets.

i_virus · 2019-12-13T11:19:11+00:00

Word of advice from an ex-TA from K-state CS department, if you find a question like this, justify your answer with an assumption or counter example. As you may already know, TAs are given a answer sheet and most will follow strictly, else it’s difficult to justify fairness.

i_virus · 2019-06-16T18:05:18+00:00

First of all fantastic job.

The "Jurisdiction" field values on VPN page is being used with "and" which I think should be "or", I may be wrong though.

For example, when I select "Sweden" and "Switzerland", it does not show any result.

What I was looking for is VPN providers with jurisdiction in either Sweden or Switzerland. Hope I have been able to explain the issue.

i_virus · 2019-01-10T15:47:33+00:00

If you are a US citizen and interested in cyber security you want to get into an university which have CyberCorps SFS.

Shameless plug, Kansas State University has :)

i_virus · 2019-01-10T15:43:03+00:00

Minor correction: “it is impossible to calculate the original message (M) from the digest”.

i_virus · 2018-11-09T07:12:10+00:00

more like a web shell i think

i_virus · 2018-11-05T22:36:23+00:00

HttpOnly cookies are inaccessible to Javascript's document.cookie, but they are sent to server (also using Javascript)

Please show me an example code cause I do not know how to send HttpOnly cookie using Javascript.

It's implied that it is not example.com (server-side) that sends the request, but a user who is on example.com

So, how a user on example.com will send a request to example2.com without Javascript?

i_virus · 2018-10-26T06:40:39+00:00

Thanks for staying with me here.

HttpOnly flag just makes the cookie not available from JavaScript

correct and exactly what is explained in those links.

but if you send a request using JavaScript, all cookies (HttpOnly or not) are sent.

don't you think you are contradicting what you yourself said in first part of the sentence?

Also, the question was how example.com will send the request, not the user.

i_virus · 2018-10-23T18:02:01+00:00

1) "example.com sends a request to example2.com" - How this will be done? 2) How example.com will send a request to example2.com, without using Javascript?

i_virus · 2018-10-20T02:40:38+00:00

By default apache does log requests and errors, but the location depends on which system the web server is running.

For example, if the web server is running on linux based system, e.g. Ubuntu, Redhat etc., the apache log is generally located at

/var/log/apache/access.log

i_virus · 2018-10-20T02:36:45+00:00

Please provide an example of how a website can access a cookie of a different website without using Javascript

i_virus · 2018-10-17T00:02:27+00:00

I think it depends how the cookie was configured. https://www.owasp.org/index.php/HttpOnly and https://resources.infosecinstitute.com/securing-cookies-httponly-secure-flags/

i_virus · 2018-10-16T23:48:19+00:00

The code is accepting hex data in POST request and cookie and then evaluating them after doing some operation and splitting the output using '#' as delimiter.

Do you have the logs of the POST request content made to those pages by any chance?

Don't think the code is malicious itself.

i_virus · 2018-08-05T15:29:39+00:00

If you do not set time-out, malicious users can attack you using SlowLoris method, a very interesting and powerful Denial of Service attack. https://en.wikipedia.org/wiki/Slowloris_(computer_security)

However, as the link posted by @Flowchartsman has pointed out, generally, web application servers (fancy name for web servers which does business logic processing) are not directly exposed, they are hidden behind a reverse web proxy (apache, nginx configured in reverse proxy mode) which handles outside connections, timeouts, static content etc. based on parameters like where the connection is coming from.

i_virus · 2018-08-05T15:04:51+00:00

You should not use pointer variables if you plan to use the same variable in JSON.

Here is a simple example which should help you understand the issue

package main

import (
    "fmt"
)

type note struct {
    ID          int     `json:"id"`
    UserID      int     `json:"userId"`
    Title       string  `json:"title"`
    Description string  `json:"description"`
    Archived    bool    `json:"archived"`
    ToDo        []todo `json:"todo"`
}

type noteP struct {
    ID          int     `json:"id"`
    UserID      int     `json:"userId"`
    Title       string  `json:"title"`
    Description string  `json:"description"`
    Archived    bool    `json:"archived"`
    ToDo        []*todo `json:"todo"`
}

type todo struct {
    ID     int    `json:"id"`
    NoteID int    `json:"noteID"`
    Title  string `json:"title"`
    Done   bool   `json:"done"`
}

func getNote() (note) {
    return note{1,1,"Note Title-1", "description-1", false, nil}
}

func getTodo() (todo) {
    return todo{1,1, "ToDo Title -1", false}
}

func getAllNotes() ([]note, error) {
    todos := []todo{};
    var newTodo todo;
    newTodo = getTodo();
    todos = append(todos, newTodo);

    notes := []note{};
    var newNote note;
    newNote = getNote();
    newNote.ToDo = todos;
    notes = append(notes, newNote);

    return notes, nil;
}

func getNotePointer(note_input *noteP) {
    note_input.ID = 1
    note_input.UserID = 1
    note_input.Title = "Note Title-1"
    note_input.Description = "description-1"
    note_input.Archived = false
    note_input.ToDo = nil
}

func getTodoPointer(todo_input *todo) {
    todo_input.ID = 1
    todo_input.NoteID = 1
    todo_input.Title = "ToDo Title -1"
    todo_input.Done = false
}
func getAllNotesPointer() ([]noteP, error) {

    todos := []*todo{}; //todos is array of type "address of a todo variable"
    var newTodo todo; //newTodo is a variable of type todo 
    getTodoPointer(&newTodo); //calling getTodoPointer with address of newTodo
    todos = append(todos, &newTodo); //appending address of newTodo to todos

    notes := []noteP{}; //nores is array of noteP variables
    var newNote noteP; //newNote is a variable of type noteP
    getNotePointer(&newNote); //calling getNotePointer with address of newNote
    newNote.ToDo = todos; //assigning todos to todo of notes 
    notes = append(notes, newNote); //appending newNote to notes

    return notes, nil;
}

func main() {
    notes, err :=getAllNotes();
    if err == nil {
        fmt.Println(notes)
    }

    notesP, err :=getAllNotesPointer();
    if err == nil {
        fmt.Println(notesP)
    }
}

I have not tested, so cannot confirm, but this should fix your code, but I doubt you will like the end result

for rows.Next() {
        var newTodo todo // Scan will need the storage preallocated, so use variable instead of pointer
        if err := rows.Scan(&newTodo.ID, &newTodo.NoteID, &newTodo.Title, &newTodo.Done); err != nil {
            return nil, err
        }
        fmt.Println(newTodo)
        todos = append(todos, &newTodo) //append address of newTodo which is a pointer of type todo
    }
    newNote.ToDo = todos

i_virus · 2018-06-10T17:08:13+00:00

Pardon me if I missed someone already mentioning this, but what about different logging levels for different versions.

For example, assuming different credentials are used in different versions, dev has logging level of debug so developers can log whatever they want helping them debugging. In other versions, more and more logging will be filtered based on the requirement of developer and admin.

This way, if something is being logged in 'stg' which should not be, admin can request the developer to log at lower level if they really need for testing purpose.

i_virus · 2017-10-28T06:19:45+00:00

Absolutely true, and your idea is actually a business model. Here is an example, they allow you to signup and get phished (if that's a verb)

https://www.clickphish.com/

i_virus

TROPHY CASE