If running cider-connect-cljs returns the following error: It means the port is open, but nrepl is failing to respond. Ensure nREPL is listening on the right port and address. Where your project is running, do netstat -nl. If nrepl is bound to 127.0.0.1 in a docker container, update it to 0.0.0.0.
All posts by justintaft
Fun With Unsafe Rust
Business Types
Brain dump of how I think about businesses types. Some businesses package multiple types for their offering. Businesses not need to be complex, but only need to offer value. Content Aggregation – These businesses do not focus on creating new content, but rather collecting and aggregating. Examples include News websites, Social Media, Conferences,Blockbuster. Monetization comes…
Bug Hunting Tips
I really enjoy finding and exploiting critical findings. Following the below process helps me finding bugs consistently. 📚 Study Vulnerability Classes Familiarize yourself with different attacks, know when they apply, and understand their mitigations. This is key for three reasons: You increase your probabilities of finding good bugs. If you’re not aware of XXE, you would likely…
Typing Ergonomics – Modal editing, Sticky Keys, Voice Control
I’m a fan of pressing keys sequentially. Pressing multiple keys at the same time (key-chords) can cause unnecessary strain in my opinion. Emacs by default relies heavily on key-chords. Remapping common functions to Function Keys (F1-F12) can help. Personally, I install Evil Mode to use vim bindings within Emacs. Vim allows creating sequential keybindings quite…
How many people are writing memory corruption exploits?
I’ve wondered this for a while (especially when it comes to the private sector job market). Few Interesting Findings From Analyzing Data: ~1% of Global LinkedIn computer security related profiles mention memory corruption terms ( 22K/1.950M) ~1% of US LinkedIn computer security profiles mention memory corruption terms (11K/909K) ~501 Researches have submitted Memory Corruption bugs…
How To Break Into Application Security
So you want to be a white hat hacker? Computer Security is a fascinating field and can be quite rewarding. The work you do will protect people’s privacy, prevent fraud , and can even save people’s lives when working on critical systems. Having a college degree isn’t necessary. What’s more important is training yourself to…
Binary Reversing Methodologies
There’s an interesting quote that said the ability to take finer measurements allows leaps in the advances of science. Looking back at when I started to reverse engineer as a kid, it’s cool to see how I may approach problems differently as I learned new techniques. Uncovering Structure of Target Binary Detecting Decryption vs CompressionIf…
A note to my past self about stock market investing
Below is not investing / financial advice and may not be accurate. Read JL Collin’s book on a Simple Path To Wealth. It decomplexes investing. Max out employee 401k contributions. It’s free money. Do not try and beat the market. Stick with index tracking securities (VT,VTI, VXUS,VOO,BND,BNDX). Put money into the market every month. Setup…
CVE-2020-16225: TPEditor v1.96 Code Execution via Memory Corruption
TLDR; TPEditor v1.96 does not perform bound checking when copying “boot page” (.sta) file content to memory. The finding can be exploited to gain arbitrary code execution upon file opening. Greetz to @mufinnnnnnn who paired up with me on the review. It was a highly collaborative effort to discover and exploit the bug. [ZDI Link] This…