Artem Golubin
@rushter
Followers
634
Following
219
Media
27
Statuses
351
Software Engineer. Infosec, classic ML, network protocols, software internals.
Joined January 2009
One of the weirdest OSS requests that I got: "Your library returns an error on specific input. Can you suppress it? I don't want to handle it. It's okay to ignore it."
0
0
0
Wrote a new blog post about my experience debugging hash tables in Go. https://t.co/MnnVNqOgEU
rushter.com
A journey of debugging hash tables in Go.
3
10
42
Yeah, let's trust file extensions. Reminds me of the good old days when some of the web engines disallowed uploading .php files, but were happy with file.txt.php. After uploading it, you could just go to the site[.]com/uploads/file.txt.php and it was happily executed on the
Google has announced the 1.0 release of Magika - an "AI-powered file type detection system" And everything about it makes my eye twitch. Now, you may be saying to yourself... "File type detection? Isn't that... what... file extensions are for? I know it's a JPEG image...
0
0
0
Writing a new rule to detect malicious code in Python scripts, and my binary is detected as malware because it checks for specific signatures in text that Apple also tracks in binaries π«‘
0
0
0
This is an excerpt from my recent blog post
rushter.com
Why code analysis can be hard when it comes to malicious code.
0
0
1
Thanks to @charliermarsh and the Ruff team for making parts of Ruff reusable for other projects. Good AST parser and semantic modeling saved me a lot of time.
1
0
3
Made a new library that statically analyzes Python code for malicious or harmful behavior. https://t.co/tMPLBeSF5H
github.com
Static analysis of malicious Python code. Contribute to rushter/hexora development by creating an account on GitHub.
2
0
4
Fun observation. If you insert a null byte in a Google search query, the query will be trimmed.
0
0
0
Just block such submitters. They should be ashamed. Their incentive is to get some contributions for a resume without knowing a thing about your code/project. This was a thing even before LLMs.
AI-generated code is among the WORST code I have ever reviewed. (At least I don't have to be nice to a machine.) We might start rejecting all AI-written code entirely. What a waste of everyone's time.
1
0
3
Since Python functions are objects too, you can assign variables to them. This can be abused in many ways, although not for production code.
1
1
1
One thing that I like testing on websites that support sending private messages is the ability to message yourself. Funny enough, LinkedIn requires a premium subscription when you attempt to do this.
1
2
9
"in 2025 we will have flying cars" πππ
125
1K
19K
Threat Hunting Introduction: Cobalt Strike
rushter.com
An introduction to Threat Hunting and Cobalt Strike
0
7
11
Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun: md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak") = md5("TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")
45
2K
6K
Iβve spent the last 20 years of my career riding the gravy train of βbeing good at Google,β but now that Google search results are awful I guess Iβll need to become good at something else.
12
58
553