Weekly Reading's from Anant - Week 1 Feb

Last week i wrote an extensive coverage of sudo bug “Baron Samedit” however this week i will try a different style and will try to cover various stuff I encountered in last 1 week rather then going for a deep dive into one subject.

This week has been a mix bag of things for me some infosec, some non infosec. I will try to cover bits and pieces from all of them here.

At the start of the week we welcomed the news that objective-see tools are now all opensource.

When it comes to OSX, objective-see is one of the must have source of software for privacy enhancement and to increase your own visibility of system. If you are on OSX systems I would definitely recommend having a look at the toolset.

Friends over at RedhuntLabs have been neck deep in researching the Internet and periodically give everyone a glimpse of research that they do. This time around it was the second wave of project Resonance

The topic of internet scanning or mass scanning in general has been a fascinating topic for me. instead of having a laser focus you spread your wings in a larger span and you are bound to catch a lot more than you hoped for. The same applies with this “Project Resonance”.

From the dataset and results presented my observations are:

Last week i have spend a lot of time dealing with Semgrep

semgrep by return2corp is a sementic greping tool which is a new way of grepping through your codebase but in a language aware manner. The. tool is under active development and have recently added support for PHP. which is what was my primary focus this week. The support is in alpha phase so be cautious with it. They are starting to build a ruleset for PHP but dont have high hopes as of now. Rulesets in my opinion are as good as what the community builds. The power of semgrep is not in running public ruleset but rather in fine tuning it as per your own organisation or project’s coding standards and getting the most out of it. I will probably be writing a more in-depth article around semgrep with regards to php in sometime once I have had enough of play with it till then few references to look for

There are couple of articles that are in my to read list. Noting them here:

The week started with myself struggling with BigSur upgrade rendering my laptop useless for nearly a full day. Laptop booted fine on recovery and safe mode but not in standard mode. Internet seem to be filled with these issues. Few observations i had:

Answer to my problems came in form of a obscure comment

https://developer.apple.com/forums/thread/649886

With this We have reached the end of this week’s newsletter. Please do subscribe if you like the newsletter and do send in your thoughts if you like this style or you prefer concrete single topic newsletters.

Till next news letter, Have a good time.