| XZ Backdoor symbol deobfuscation. Updated as i make progress |
After 2024-04-02 I am only adding important new discoveries (I come accross). There is just too much Blog and Video entries to keep track of.
Initial disclosure:
CVE and Alerts
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
| ---------------------------------------------------------------------------------------------------- | |
| tcpdump -s 0 #capture entire etherner header and IP packet | |
| tcpdump -ni tap55ec3c7f-91 ip6 #locate the ICMPv6 packets | |
| tcpdump -s0 -n -i any -w /tmp/$(hostname)-smbtrace.pcap #if the SMB client or SMB server is a Unix host,Troubleshooting Server Message Block (SMB) | |
| tcpdump -D #Print the list of the network interfaces available on the system and on which tcpdump can capture packet | |
| tcpdump -X -vvv -n -i eth0 |
| diff --git a/owa.tracker-combined-min-1.6.2.js b/owa-tgs.js | |
| index c718d10..2c5fd6e 100644 | |
| --- a/owa.tracker-combined-min-1.6.2.js | |
| +++ b/owa-pretty.js | |
| @@ -1,7 +1,3 @@ | |
| -/* OWA owa.tracker package file created Sun, 03 Jun 18 20:57:14 -0700 */ | |
| - | |
| -/* Start of json2 */ | |
| - | |
| if (!this.JSON) { |
Source: https://x.com/LundukeJournal/status/1940441670098809093
Hence, if you are interested in existing applications to "just work" without the need for adjustments, then you may be better off avoiding Wayland.
Wayland solves no issues I have but breaks almost everything I need. Even the most basic, most simple things (like xkill) - in this case with no obvious replacement. And usually it stays broken, because the Wayland folks mostly seem to care about Automotive, Gnome, maybe KDE - and alienating everyone else (e.g., people using just an X11 window manager or something like GNUstep) in the process.
| [ | |
| { | |
| "backcolor": "#222222", | |
| "name": "Wanyoo yKeyboard 78 key", | |
| "author": "icyleaf", | |
| "pcb": false | |
| }, | |
| [ | |
| { | |
| "c": "#282828", |
| [ | |
| { | |
| "name": "My preferred Tex Yoda II Layout", | |
| "background": { | |
| "name": "Aluminium brushed", | |
| "style": "background-image: url('/bg/metal/aluminum_texture1642.jpg');" | |
| }, | |
| "radii": "15px", | |
| "switchMount": "cherry", | |
| "switchBrand": "cherry", |
| import binascii | |
| import itertools | |
| # XORs two byte strings together | |
| def xor_bytes(bytes1, bytes2): | |
| return [ chr(ord(a) ^ b) for (a, b) in zip(bytes1, bytes2) ] | |
| # XORs a ciphertext with the malware's hardcoded key, and repeats it until it's long enough to match the ciphertext length. | |
| def decrypt(cipher, key_hex = 'BB2FA36AAA9541F0'): | |
| key_bytes = [ ord(a) for a in key_hex ] |
While I'm learning how to use Nginx, I was instructed to update the server_names_hash_bucket_size (/etc/nginx/nginx.conf) value from 32 to 64, but I don't understand why should I increase the value to 64.
References that have been read so far: