Kinesis 360 Pro keyboard

Kinesis is a company based near Seattle that offers computer keyboards with ergonomic designs as alternatives to the traditional keyboard design. Most widely known among these are the contoured Advantage line, which features recessed keys in two bucket-like hollows to allow the user’s fingers to reach keys with less effort. The Advantage 360 line was released in 2022 and is still insanely popular and challenging to get hold of. The Pro edition allows you to customise the firmware, which is ZMK-based. Kinesis have outsourced the actual job of compiling the firmware to GitHub Actions. ...

February 26, 2023 · 4 min

Arch Linux

After witnessing insane minimalism paired with a tiler (tiling window manager), I knew it was my time to take the pilgrimage to Arch Linux. Some characteristics that make Arch unique:

- The Arch Way embodies the principles behind Arch Linux: simplicity, modernity, pragmatism, user centrality and versatility.
- Forces one to build the system up by hand. This encourages you to question the role of each component of the system, and available options to satisfy that component (e.g. the terminal emulator). The result is a highly tailored and minimal system that meets precisely your needs.
- Practical and pragmatic documentation. The Arch Wiki is the gold standard when it comes to documentation.
- The Arch User Repository (AUR) is a treasure chest of pre-packaged useful recent software. Somehow every program I’ve ever needed has been available on AUR.
- Rolling upgrades.

Arch was born in 2001, when Canadian programmer Judd Vinet, inspired by the elegance of systems such as Slackware and the BSDs, set out to build his own distro based on a similar ethos. The first formal release, 0.1, dropped on March 11, 2002. ...

April 6, 2019 · 19 min

Async Python

Background

Using asyncio will not make your code multi-threaded. That is, it will not cause multiple Python instructions to be executed at the same time, and it will not in any way allow you to sidestep the so-called “global interpreter lock” (GIL). Some processes are CPU-bound: they consist of a series of instructions which need to be executed one after another until the result has been computed. Most of their time is spent making heavy use of the processor. ...

August 9, 2023 · 9 min

Python Type Annotations

Start with the docs and the Type hints cheat sheet.

Topics for consideration:

- syntax shorthands e.g. | for Union or Optional
- Self
- If you are using the typing library then there is an abstract type class provided for asynchronous context managers, AsyncContextManager[T], where T is the type of the object which will be bound by the as clause of the async with statement.
- mypy
- If you are using typing then there is an abstract class Awaitable which is generic, so that Awaitable[R] for some type R means anything which is awaitable, and when used in an await statement will return something of type R. ...

August 9, 2023 · 1 min

Python Standard Libraries

An important part of becoming “good” at a language is becoming familiar with its library ecosystem. The official Python Standard Library reference manual rocks.

| Module | Category | Description |
| --- | --- | --- |
| argparse | | functions for parsing command line arguments |
| atexit | | allows you to register functions for your program to call when it exits |
| bisect | | bisection algorithms for sorting lists (see Chapter 10) |
| calendar | | a number of date-related functions |
| codecs | | functions for encoding and decoding data |
| collections | | a variety of useful data structures |
| concurrent | | asynchronous computation |
| copy | | functions for copying data |
| csv | | functions for reading and writing CSV files |
| datetime | | classes for handling dates and times |
| fileinput | file access | iterate over lines from multiple files or input streams |
| fnmatch | | functions for matching Unix-style filename patterns |
| glob | | functions for matching Unix-style path patterns |
| io | | functions for handling I/O streams and StringIO, which allows you to treat strings as files |
| json | | functions for reading and writing data in JSON format |
| logging | | access to Python’s own built-in logging functionality |
| multiprocessing | | allows you to run multiple subprocesses, while providing an API that makes them look like threads |
| operator | | functions implementing the basic Python operators, instead of writing your own lambda expressions |
| os | | swiss army knife access to basic OS functions |
| pprint | data types | data pretty printer |
| random | | functions for generating pseudorandom numbers |
| re | | regular expression functionality |
| sched | | an event scheduler without using multithreading |
| select | | access to the select() and poll() functions for creating event loops |
| shutil | file access | access to high-level file functions |
| signal | | functions for handling POSIX signals |
| tempfile | file access | functions for creating temporary files and directories |
| threading | | access to high-level threading functionality |
| urllib | | provides functions for handling and parsing URLs |
| uuid | | allows you to generate Universally Unique Identifiers (UUIDs) |

August 4, 2023 · 2 min

Testing in Python

There are many ways to write unit tests in Python.

unittest

Here the focus is living off the land with built-in unittest. unittest is both a framework and test runner, meaning it can execute your tests and return the results. In order to write unittest tests, you must:

- Write your tests as methods within classes
- These TestCase classes must subclass unittest.TestCase
- Names of test functions must begin with test_
- Import the code to be tested
- Use a series of built-in assertion methods

Basic example

```python
import unittest


class TestStringMethods(unittest.TestCase):

    def test_upper(self):
        self.assertEqual('foo'.upper(), 'FOO')

    def test_isupper(self):
        self.assertTrue('FOO'.isupper())
        self.assertFalse('Foo'.isupper())

    def test_split(self):
        s = 'hello world'
        self.assertEqual(s.split(), ['hello', 'world'])
        # check that s.split fails when the separator is not a string
        with self.assertRaises(TypeError):
            s.split(2)


if __name__ == '__main__':
    unittest.main()
```

Assertions

The TestCase class provides several assert methods to check for and report failures. ...

August 3, 2023 · 2 min

Objects in Python

Special methods (dunders); Foundational; Iterators; Comparable classes; Serializable classes; Classes with computed attributes; Classes that are callable; Classes that act like sets; Classes that act like dictionaries; Classes that act like numbers; Classes that can be used in a with block; Esoteric behavior; Design Patterns.

As I learn more about Python’s idioms, I reflect on its unique approach to object based programming. In combination with duck typing, its approach to objects feels disturbingly flexible. ...

August 3, 2023 · 9 min

Python quick reference

Forked from 101t/python-cheatsheet.md

RTFM

- The Python Standard Library
- Built-in Functions
- Python Enhancement Proposals (PEPs)
- The Zen of Python, never far away in the REPL: import this

Contents

- Getting started: CPython, Easter eggs, Import paths, venv
- Collections: List, Dictionary, Set, Tuple, Range, Enumerate, Iterator, Generator
- Functions: Functions, Modules
- Types: Type, String, Regular_Exp, Format, Numbers, Combinatorics, Datetime
- Syntax: Args, Splat, Inline, Closure, Decorator, Class, Duck_Type, Enum, Exception
- System: Exit, Print, Input, Command_Line_Arguments, Open, Path, OS_Commands
- Data: JSON, Pickle, CSV, SQLite, Bytes, Struct, Array, Memory_View, Deque
- Advanced: Threading, Operator, Introspection, Metaprograming, Eval, Coroutines
- Libraries: Progress_Bar, Plot, Table, Curses, Logging, Scraping, Web, Profile, NumPy
- Packaging and Tools: Real app, Bytecode disassembler, Poetry, Gems, Resources

CPython

Most distros lag behind the latest releases of Python. It’s quite a pleasant experience to just build CPython from source, as per the docs:

```shell
sudo apt update
sudo apt install build-essential gdb lcov pkg-config \
    libbz2-dev libffi-dev libgdbm-dev libgdbm-compat-dev liblzma-dev \
    libncurses5-dev libreadline6-dev libsqlite3-dev libssl-dev \
    lzma lzma-dev tk-dev uuid-dev zlib1g-dev
./configure
sudo make
sudo make install
sudo python3 -m pip install --upgrade pip setuptools wheel
```

Easter eggs

```python
import this
import antigravity
from __future__ import braces
```

Import paths

When importing modules, Python relies on a list of paths to know where to look for the module. This list is stored in the sys.path variable. ...

June 5, 2022 · 50 min

Digital Forensics

It’s semester 2 2023 and time for my final subject in the UNSW Cyber Security Masters course, digital forensics run by Seth Enoka. I got to venture deep into Windows internals, including core Windows memory structures, subsystems such as prefetch and shimcache, NTFS file system internals and mechanisms including MFT analysis and much more. All this analysis was conducted using the following Linux analysis tools:

Tools

| Tools | Description |
| --- | --- |
| Yara | A pattern-matching tool used in malware research and forensic analysis to identify and classify files based on defined rules and signatures. |
| Volatility 2 & 3 | Open-source memory forensics frameworks used to extract and analyze digital artifacts from volatile memory (RAM) in a memory dump to investigate cyber incidents and malware. |
| Volatility USNParser Plugin | A Volatility plugin specifically designed to parse and extract information from the USN journal on Windows systems, aiding in file activity analysis. |
| SCCA Tools | SCCA (Source Code Control System Analysis) Tools assist in examining version control system repositories to identify code changes, contributors, and track project history. |
| ESEDB Tools | These tools provide access to Extensible Storage Engine (ESE) Database files, commonly used in Windows applications, for analysis and recovery purposes. |
| analyzeMFT | A tool used in digital forensics to parse and analyze the Master File Table (MFT) entries from NTFS filesystems, revealing information about files and directories. |
| Oletools | A collection of Python-based tools for analyzing and extracting data from OLE (Object Linking and Embedding) files, such as Microsoft Office documents, often used in malware analysis. |
| Wireshark | A widely-used network protocol analyzer that captures and inspects data packets on a network, helping with network troubleshooting, security analysis, and protocol reverse engineering. |
| The Sleuth Kit (TSK) | An open-source digital forensic toolkit that includes various CLI tools (mmls, fls, icat) for file system analysis and data recovery from different operating systems. |
| Plaso | An open-source Python-based tool used for super timeline creation and log analysis, helping to reconstruct events and activities from various data sources for forensic investigations. |
| Advanced Forensics Format Library (afflib) Tools | Tools for working with the Advanced Forensics Format (AFF), an extensible open file format used in computer forensics to store disk images and related metadata. |
| wxHexEditor | A hexadecimal editor with a graphical user interface, used for low-level data inspection and editing in forensic analysis and reverse engineering. |
| Gnumeric | A spreadsheet application, similar to Microsoft Excel, used for data analysis and visualization, including data manipulation and statistical functions. |
| Personal Folder File Tools (pfftools) | Tools designed to work with Personal Folder File (PFF) formats, commonly used by Microsoft Outlook to store emails, calendars, and other personal data. These tools aid in email forensics and analysis. |

Resources

- Windows shellbags
- 8 timestamps on an NTFS file system, an attacker can fairly easily mutate 4 of them, hard to convincingly adjust nanosecond level
- Eric Zimmerman’s Windows Forensics Tools
- SANS Hunt Evil Poster: Knowing what’s normal on a Windows host helps cut through the noise to quickly locate potential malware. Use this information as a reference to know what’s normal in Windows and to focus your attention on the outliers.
- MITRE ATT&CK
- MITRE ATT&CK for ICS
- Cyber Kill Chain
- Industrial Cyber Kill Chain
- Locard’s Exchange Principle
- NIST Guide to Forensics in Incident Response
- Dragos Threat Groups
- CrowdStrike Adversary Groups
- Diamond Model for Intrusion Analysis
- The Four Types of Threat Detection
- Volatility v2.4 cheat sheet

Module 0 - Intro

Locard’s Principle (Edmond Locard aka Sherlock Holmes of France) ...

July 22, 2023 · 7 min

Python 3.11

Cool new features in 3.11.

Performance

1.2x faster generally, thanks to an adaptive interpreter (PEP 659) that optimises byte-code based on observed behaviour and usage. Take for example the LOAD_ATTR instruction, which under 3.11 can be replaced by LOAD_ATTR_ADAPTIVE. This will replace the call with the most optimised instruction based on what is being done, such as:

- LOAD_ATTR_INSTANCE_VALUE
- LOAD_ATTR_MODULE
- LOAD_ATTR_SLOT

Disassembling some code:

```python
def feet_to_meters(feet):
    return 0.3048 * feet

for feet in (1.0, 10.0, 100.0, 1000.0, 2000.0, 3000.0, 4000.0):
    print(f"{feet:7.1f} feet = {feet_to_meters(feet):7.1f} meters")

import dis
dis.dis(feet_to_meters, adaptive=True)
#  1           0 RESUME                   0
#
#  2           2 LOAD_CONST               1 (0.3048)
#              4 LOAD_FAST                0 (feet)
#              6 BINARY_OP                5 (*)
#             10 RETURN_VALUE
```

However, when the interpreter is given something more concrete to work with, it’s able to optimise. For example, outside the loop context when given a float, floating point instructions are put to work: ...

July 17, 2023 · 2 min