5 easy tips to accelerate SSL

http://unhandledexpression.com/2013/01/25/5-easy-tips-to-accelerate-ssl/

(Read More..)

dump windows password from memory WCE v1.3beta 32bit released

WCE v1.3beta 32bit released 

 

 http://hexale.blogspot.com/2012/03/wce-v13beta-32bit-released.html

(Read More..)

password storage (and attacking) in PHP

http://www.slideshare.net/ircmaxell/password-storage-and-attacking-in-php

(Read More..)

Comfortable PHP Editing With VIM -7-

http://schlitt.info/opensource/blog/0739_comfortable_php_editing_with_vim_7.html

(Read More..)

PHP : Application Logic Security

https://joind.in/7814

(Read More..)

Rails SecureHeaders

The gem will automatically apply several headers that are related to security. This includes:

• Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and other classes of attack. CSP 1.1 Specification
• HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS Specification
• X-Frame-Options (XFO) - Prevents your content from being framed and potentially clickjacked. X-Frame-Options draft
• X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
• X-Content-Type-Options - Prevent content type sniffing 

https://github.com/twitter/secureheaders

(Read More..)

Python Shortcuts for the Python Beginner

Python Shortcuts for the Python Beginner

http://maxburstein.com/blog/python-shortcuts-for-the-python-beginner/

(Read More..)

Vaurien, the Chaos TCP Proxy

Ever heard of the Chaos Monkey?
It’s a project at Netflix to enhance the infrastructure tolerance. The Chaos Monkey will randomly shut down some servers or block some network connections, and the system is supposed to survive to these events. It’s a way to verify the high availability and tolerance of the system.
Besides a redundant infrastructure, if you think about reliability at the level of your web applications there are many questions that often remain unanswered:

• What happens if the MYSQL server is restarted? Are your connectors able to survive this event and continue to work properly afterwards?
• Is your web application still working in degraded mode when Membase is down?
• Are you sending back the right 503s when postgresql times out ?

Of course you can – and should – try out all these scenarios on stage while your application is getting a realistic load.
But testing these scenarios while you are building your code is also a good practice, and having automated functional tests for this is preferable.
That’s where Vaurien is useful.
Vaurien is basically a Chaos Monkey for your TCP connections. Vaurien acts as a proxy between your application and any backend.
You can use it in your functional tests or even on a real deployment through the command-line.


http://vaurien.readthedocs.org/en/1.5/

(Read More..)

emmet (ex : zen coding ) cheat sheet

http://docs.emmet.io/cheat-sheet/

(Read More..)

JavaScript Quiz Set

http://blog.bolshchikov.net/post/40917260776/javascript-quiz-set

JavaScript Quiz Set

JavaScript quiz is the good instrument to distinguish between  JS ninjas, JS developers, and JS experts. Here is a set of JS tests, sorted by difficulty.
Beginner:
http://madebyknight.com/javascript-scope/
Intermediate:
https://github.com/nathansmith/javascript-quiz
http://www.nczonline.net/blog/2010/02/16/my-javascript-quiz/
Expert:
http://dmitrysoshnikov.com/ecmascript/the-quiz/
http://perfectionkills.com/javascript-quiz/

(Read More..)

Android Candy: WiFi Analyzer

http://www.linuxjournal.com/content/android-candy-wifi-analyzer

(Read More..)

nginx TLS SNI support enabled

http://nginx.org/en/docs/http/configuring_https_servers.html#sni

(Read More..)

Understand the Favicon

http://www.jonathantneal.com/blog/understand-the-favicon/

(Read More..)

ngx_pagespeed

http://ngxpagespeed.com/ngx_pagespeed_example/

(Read More..)

metasm : The METASM assembly manipulation suite

http://code.google.com/p/metasm/

(Read More..)

Hiding files in GIF comments

http://www.floyd.ch/?p=616

(Read More..)

Automated generation of code alignment code for Unicode buffer overflow exploitation

http://www.floyd.ch/?p=629

(Read More..)

The #Tor Guide for Hidden Services And Staying #Anonymous

http://57un.wordpress.com/2012/10/09/the-tor-guide-for-hidden-services-and-staying-anonymous/

(Read More..)

Baking Pi - Operating Systems Development

http://www.cl.cam.ac.uk/freshers/raspberrypi/tutorials/os/

(Read More..)

Bran's Kernel Development

http://www.osdever.net/bkerndev/Docs/title.htm

(Read More..)

MySQL security tasks easily solved with common_schema

http://code.openark.org/blog/mysql/mysql-security-tasks-easily-solved-with-common_schema

(Read More..)

Navigator: Geographic calculation library for PHP

http://simonholywell.com/post/2013/01/navigator-geographic-calculations-library-for-php.html

(Read More..)

ngrep kill connections

ngrep -qK 1 -t 'GET ' 'dst host 75.126.153.206 and dst port 80' #Kill GET connections requests by sending 1 RST segment pic.twitter.com/0iMVdlOI

(Read More..)

PSR-Huh?

http://net.tutsplus.com/tutorials/php/psr-huh/

(Read More..)

PaaS under the hood, episode 5: Distributed routing with Hipache

http://blog.dotcloud.com/under-the-hood-dotcloud-http-routing-layer

http://blog.dotcloud.com/tag/underthehood

https://github.com/nodejitsu/node-http-proxy

https://github.com/dotcloud/hipache

https://github.com/samalba/hipache-hchecker

http://code.google.com/p/cirruxcache/

https://github.com/samalba/hipache-nginx

http://zerorpc.dotcloud.com/

(Read More..)

Javascript Source Maps 101 :

http://net.tutsplus.com/tutorials/tools-and-tips/source-maps-101/

(Read More..)

Python Scripts as a Replacement for Bash Utility Scripts

http://www.linuxjournal.com/content/python-scripts-replacement-bash-utility-scripts

(Read More..)

SQUASH : bug smashing tool

http://squash.io/

(Read More..)

Heap Layout Visualization with mona.py and WinDBG

https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/

(Read More..)

Abusing MySQL string arithmetic for tiny SQL injections

http://blog.kotowicz.net/2013/01/abusing-mysql-string-arithmetic-for.html

(Read More..)

Retrieving List of MySQL Users and Grants with Perl

http://scriptingmysql.wordpress.com/2013/01/10/retrieving-list-of-mysql-users-and-grants-with-perl/

(Read More..)

B+Tree index structures in InnoDB

http://blog.jcole.us/2013/01/10/btree-index-structures-in-innodb/

(Read More..)

The physical structure of records in InnoDB

http://blog.jcole.us/2013/01/10/the-physical-structure-of-records-in-innodb/

(Read More..)

On learning InnoDB: A journey to the core

http://blog.jcole.us/2013/01/02/on-learning-innodb-a-journey-to-the-core/

(Read More..)

Solution for: MySQL 5.6 password expired, PHP can’t connect, application stops

 http://blog.ulf-wendel.de/2013/solution-mysql-5-6-password-expired-php-cant-connect

 

(Read More..)

The Facebook Loading Animation in CSS

http://css-tricks.com/the-facebook-loading-animation-in-css/

(Read More..)

Airbnb JavaScript Style Guide() {

https://github.com/airbnb/javascript

(Read More..)

75 Free Buttons For Online Payment Service Providers

 

 http://pepsized.com/75-free-buttons-for-online-payment-service-providers/

(Read More..)

Wilson is a pure ruby x86 assembler. No, really. Worst Idea Evar.

https://github.com/seattlerb/wilson

(Read More..)

My eighteen MySQL 5.6 favorite troubleshooting improvements

https://blogs.oracle.com/svetasmirnova/entry/my_18_mysql_5_6

(Read More..)

chrome developer : DOCK to Right

https://github.com/mauricelam/DockToRight



dev tools vertical
https://github.com/melat0nin/chrome-devtools-vertical

(Read More..)

A quick introduction to innodb_ruby

http://blog.jcole.us/2013/01/03/a-quick-introduction-to-innodb-ruby/

(Read More..)

Percona Toolkit by example – pt-stalk

http://www.mysqlperformanceblog.com/2013/01/03/percona-toolkit-by-example-pt-stalk/

(Read More..)

The basics of InnoDB space file layout

http://blog.jcole.us/2013/01/03/the-basics-of-innodb-space-file-layout/

(Read More..)

More on global transaction ID in MariaDB

http://kristiannielsen.livejournal.com/17008.html

(Read More..)

PHP Session ID’s – The Risks

http://news.thehackernews.com/4391

(Read More..)

Nokogiri

An HTML, XML, SAX, & Reader parser with the ability to search documents via XPath or CSS3 selectors… and much more

 

 

http://nokogiri.org/

(Read More..)

architecture-of-messagepack

http://www.slideshare.net/frsyuki/architecture-of-messagepack

(Read More..)

MessagePack : It's like JSON. but fast and small.

MessagePack is an efficient binary serialization format. It lets you exchange data among multiple languages like JSON but it's faster and smaller. For example, small integers (like flags or error code) are encoded into a single byte, and typical short strings only require an extra byte in addition to the strings themselves.
If you ever wished to use JSON for convenience (storing an image with metadata) but could not for technical reasons (encoding, size, speed...), MessagePack is a perfect replacement.

http://msgpack.org/

(Read More..)

List of All Countries in All Languages and All Data Formats

http://dev.umpirsky.com/list-of-all-countries-in-all-languages-and-all-data-formats/

(Read More..)

Python For Beginners

http://www.pythonforbeginners.com/

(Read More..)

proper PHP session setup

<?
/* In a nutshell, this is a quick way to ensure your sessions are difficult to attack. There may be
 * ways to improve this configuration but it's a good starting point, I feel.
 *
 * Code released in accordance with the ZAP > http://tlwsd.info/LICENSE.txt
 *
 * Requirements: HTTPS (get a free cert from StartSSL.com if you have no money :P)
 * A well-configured webserver (see: Calomel.org)
 * Access to server config is a bonus because you can just change php.ini and not have to make a bunch of runtime calls to ini_set() thus boosting performance
 */
ini_set('session.cookie_httponly', true);
  # Above: Tells the user's browser to not expose session cookie contents to Javascript
ini_set('session.cookie_secure', true);
  # Above: Tells the user's browser to not expose session cookie contents to unencrypted HTTP
ini_set('session.entropy_file', '/dev/urandom'); // On BSD systems, you may wish to use use /dev/arandom
ini_set('session.entropy_length', '32');
ini_set('session.hash_function', 'sha256');
ini_set('session.hash_bits_per_character', '6');
 # Above: Use strong pseudorandom data in the session IDs to prevent session fixation
ini_set('session.use_trans_sid', false);
session_start();
  // All configuration must be set before session_start();
?>

(Read More..)

Face Down

Description

Face Down | is a Facebook Cookie / Session Hijack Bash (sh) script that depends on two well know sniffers (Ettercap) and (TShark) "the Terminal based version of (Wireshark)" ,the basic job that it does is that it sniff the cookies all over the (HTTP) protocol all over the network.
This script was made as a POF (proof of concept) script for school project.
KEEP IN MIND THAT:
This tool/script is meant only for educational purposes on user's own computer/network or computers/networks the user has permission of owner thereof to use the tool/script on. The creator assumes no responsibility for any damage caused from misuse of the software.

Special Thanks to the web developers:
Mahran Omairy & Ibraheem Abu-kaff


This script was written by:
Noras Salman & Ali Shatrieh

http://sourceforge.net/projects/facedown/

(Read More..)

SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability

http://resources.infosecinstitute.com/slaac-attack/

(Read More..)

PHP Session ID’s – The Risks - proper SESSION SETUP

http://news.thehackernews.com/4391

(Read More..)

http://philsturgeon.co.uk/blog/2012/12/why-do-some-php-devs-love-static

(Read More..)

Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!

https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/

(Read More..)