How a helper script choked a high-performance storage server


Recently I had the pleasure of helping with a research project based around machine learning that was in the final stages of development. To test the implementation, I was asked to transfer roughly 30,000 training and test images to a storage server. The server is running a MinIO instance, which, for the uninitiated, is basically an open-source equivalent to Amazon S3 providing high-availability, high-performance object storage. I had already worked with MinIO before and I was comfortable using it, but I was provided with a helper script written by someone in the research group that’d take care of uploading a large number of images from a directory. Thinking that I didn’t need to spend time coming up with my own solution, I quickly got to work and expected to spend maybe half an hour figuring out how the script works and uploading all images.


Analyzing noscript usage, and being tracked in the process

When designing the theme for my personal blog, I wanted to make sure that the site would work just fine with JavaScript disabled. All kinds of scripts on this site are merely to add some neat little features here and there. However, this made me wonder about the state of the modern web and its reliance on scripts in the browser. What happens if you strip them away? I checked how websites deal with browsers that don’t allow JavaScript, taking the noscript HTML element as my metric of choice. And although fewer websites broke than I initially suspected, it shows that you don’t need scripts to effectively track people.


HackTheBox: Registry Writeup

Registry is a vulnerable Linux machine hosted over at HackTheBox with a difficulty rating of 5.7 out of 10. It hosts a Docker registry that lacks proper authentication. Login credentials can be found by looking into a Docker image that can be pulled from said registry. From there, the path to root incorporates tricking a CMS into uploading a web shell and using a backup utility to get access to files that wouldn’t normally be accessible by anyone.
