Pwning Python 3 VM via an intended feature (Disclaimer: Not a vulnerability)

Sections:

• Indexing into Known Memory
• Creating a call gadget
• Changing the page permissions using ctypes
• Crafting our Shellcode

I wrote my last post on fpdf2 18 months ago. We released 7 more versions of fpdf2 since then!

This article will present some of the major features introduced since v2.7.3 to v2.8.1 of fpdf2: click on the buttons below to reveal the various changes brought …

Latest informations on Pypi and related security / vulnerabilities...

I discovered this coding puzzle in numero 4 of Paged Out, on page 32.

I found it fun and wrote my own solution in Python: paintbrush.py

It reminded me of Project Euler problems.

I recommend to give it a go based on the Paged Out one-page article, without reading Alperen Keles answer or mine! 🙂

RMBG v1.4 is our state-of-the-art background removal model, designed to effectively separate foreground from background in a range of categories and image types. This model has been trained on a carefully selected dataset, which includes: general stock images, e-commerce, gaming, and advertising content, making it suitable for commercial use cases powering enterprise content creation at scale. The accuracy, efficiency, and versatility currently rival leading source-available models. It is ideal where content safety, legally licensed datasets, and bias mitigation are paramount.

FROM: Underscore_ @ YouTube

There already are multiple blogging solutions which are part of the Fediverse.
ActivityPub, the network protocol behind the Fediverse can only be fully implemented by means of an active server component: Among other things, incoming messages delivered to inboxes have to be processed. Sometimes they need to be forwarded, and outgoing messages need to be signed.
Nevertheless I wanted to figure out, which parts of the ActivityPub protocol can be implemented in a purely static website, and how well other servers in the Fediverse interact with it. My goal was to attach this blog to the Fediverse. The blog is generated using the static site generator software Pelican.

We live in a world that is gradually and incessantly attracted by over-rationality and order. In this article we’ll burst the enchanted bubble and embrace corruption and chaos — We’re going to discuss the topic of image glitch art.

tomato is a python script to glitch AVI files
It was designed to operate video frame ordering, substraction and duplication.

Youtube generates revenue from user ad views, and it’s logical for the platform to implement restrictions to prevent people from downloading videos or even watching them on an unofficial client like YouTube Vanced. In this article, I will explain the technical details of these security mechanisms and how it’s possible to bypass them.

...

Since mid-2021, YouTube has included the query parameter n in the majority of file URLs. This parameter needs to be transformed using a JavaScript algorithm located in the file base.js, which is distributed with the web page. YouTube utilizes this parameter as a challenge to verify that the download originates from an “official” client. If the challenge is not resolved and n is not transformed correctly, YouTube will silently apply throttling to the video download.

The JavaScript algorithm is obfuscated and changes frequently, so it’s not practical to attempt reverse engineering to understand it. The solution is simply to download the JavaScript file, extract the algorithm code, and execute it by passing the n parameter to it.

...

Many projects currently use these techniques to circumvent the limitations put in place by YouTube in order to prevent video downloads. The most popular one is yt-dlp (a fork of youtube-dl) programmed in Python, but it includes its own custom JavaScript interpreter to transform the n parameter.

No More GIL! the Python team has officially accepted the proposal (PEP-703)

Aujourd’hui on se penche sur une technique de piratage très maligne, vu qu’elle repose principalement sur : votre répondeur. Martin Vigo, un expert en cybersécurité, a mis au point un soft qui permet d’exploiter des répondeurs du monde entier. En y accédant, il peut ainsi aller réinitialiser les accès de nombreux services utilisant la double authentification, comme Whatsapp, Paypal, Facebook ou encore Linkedin, bref, tous les services qui peuvent vous envoyer un code par téléphone.

Pylint is a great static code analyser for Python code. I have been using it for several years, in various projects, and it's simple to use yet very powerful.

I even contributed to Pylint by submitting a new rule a few years ago : implicit-str-concat.

For an introduction to Pylint, you …

open-source non-profit search engine for shadow libraries, like Sci-Hub, Library Genesis, and Z-Library

🔍 Moteur de recherche des bibliothèques clandestines : livres, journaux, BD, magazines. ⭐️ Bibliothèque Z-Library, Bibliothèque Genesis, Sci-Hub. ⚙️ Entièrement résilient grâce à un code et à des données open source. ❤️ Faites passer le mot : tout le monde est le bienvenu ici !

Technical write-up on how they setup this: https://annas-blog.org/how-to-run-a-shadow-library.html

Let’s start with our tech stack. It is deliberately boring. We use Flask, MariaDB, and ElasticSearch. That is literally it. Search is largely a solved problem, and we don’t intend to reinvent it.

Source: @sebsauvage

I wrote my latest post on fpdf2 almost a year ago. As we just released a new version, v2.7, this is the time to mention some recent additions to this library! 😊

This article will present some of the major features introduced between v2.5.3 & v2.7.3 of …

The other day, while working on fpdf2, I used @dataclass, a nice decorator that came in the standard library with Python 3.7, to quickly define a class that mostly stored data.

Then a question came to my mind: is the __slots__ memory optimization compatible with …

This describes tools and techniques that can identify memory leaks in Long running Python programs:

• Is it a Leak?
• Sources of Leaks
• A Bit About (C)Python Memory Management
  • Reference Counts
  • Garbage Collection
  • The Big Picture
  • CPython’s Object Allocator (pymalloc)

Here is a visualisation of memory allocators from top to bottom (from the Python source Objects/obmalloc.c):

    _____   ______   ______       ________
   [ int ] [ dict ] [ list ] ... [ string ]       Python core         |
+3 | <----- Object-specific memory -----> | <-- Non-object memory --> |
    _______________________________       |                           |
   [   Python's object allocator   ]      |                           |
+2 | ####### Object memory ####### | <------ Internal buffers ------> |
    ______________________________________________________________    |
   [          Python's raw memory allocator (PyMem_ API)          ]   |
+1 | <----- Python memory (under PyMem manager's control) ------> |   |
    __________________________________________________________________
   [    Underlying general-purpose allocator (ex: C library malloc)   ]
 0 | <------ Virtual memory allocated for the python process -------> |

   =========================================================================
    _______________________________________________________________________
   [                OS-specific Virtual Memory Manager (VMM)               ]
-1 | <--- Kernel dynamic storage allocation & management (page-based) ---> |
    __________________________________   __________________________________
   [                                  ] [                                  ]
-2 | <-- Physical memory: ROM/RAM --> | | <-- Secondary storage (swap) --> |

You can use this program but I wrote a simple python script which enumerates the exported functions from the provided DLL (dll-def.py)

A simple way to prevent DLL hijacking from happening would be for applications to always use absolute paths instead of relative ones. Although some applications (notably portable ones) will not always be able to do so, applications located in \system32\ and relying on DLLs in the same folder have no excuse for doing otherwise. The better option, which only very few Windows executables seem to do, is to verify all DLLs before loading them (e.g. by checking their signatures) - this would largely eliminate the problem.

Following last week animated PDF adventure, I have been reading a series of one page dungeons... And yesterday I had the opportunity to play the best one in my opinion: The Sky-Blind Spire by Michael Prescott.

It has everythng I love on one page: a maze to explore, mysteries to …

Last week, while translating John Harper's micro-TTRPG World of Dungeons: Turbo Breakers, I discovered the wonderful world of one page dungeons, starting with Michael Prescott splendid production at trilemma.com and also the yearly One Page Dungeon Context.

While crawling through the OPDC 2021 entries, I discovered a great map …

LibreOffice macro script to change the font of the select objects

Works well with LibreOfficeDraw