How does windbg classify crashes broadly and which term in result of "!analyze -v" indicates this? - windbg

Can you give me details of all the terms that are useful for properly understanding the issue with a crash after we use "!analyze -v"? Which term indicates what, like: the FAULTING_IP field shows the instruction pointer at the time of the fault.
I am not finding a proper description of them anywhere.

It is BUCKET_ID that categorizes the issue, and Microsoft has a big internal database to reveal typical issues:
The BUCKET_ID field shows the specific category of failures that the current failure belongs to. This category helps the debugger determine what other information to display in the analysis output.
If you are connected to the internet, the debugger attempts to access a database of crash solutions maintained by Microsoft. This database contains links to a tremendous number of Web pages that have information about known bugs. If a match is found for your problem, the INTERNAL_SOLUTION_TEXT field will show a URL that you can access for more information.
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/using-the--analyze-extension
If you need to investigate non-typical issues, things like STACK_COMMAND might be your friend.
However, dump analysis on native crashes is never an easy task, and corrupt memory can further mess up the situation.
So you should buy services from either Microsoft or other service providers.
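A small triage helper for the fields named in this answer, added here as an example (it is not from the original post or from Microsoft): it parses saved `!analyze -v` text into fields and groups dumps by BUCKET_ID. The sample output is constructed, and the function names and `app.exe` symbols are assumptions.

```python
import re
from collections import defaultdict

# A field starts at column 0: upper-case name, colon, optional value on the same line.
FIELD_RE = re.compile(r"^([A-Z][A-Z0-9_]+):[ \t]*(.*)$")

def parse_analyze(text):
    """Return {field: value} from saved `!analyze -v` text.

    Single-line fields (BUCKET_ID) keep the value after the colon; block
    fields (FAULTING_IP, STACK_TEXT) collect the lines up to the next field.
    """
    fields, name = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            name = m.group(1)
            fields[name] = [m.group(2)] if m.group(2) else []
        elif name and line.strip():
            fields[name].append(line.strip())
    return {k: "\n".join(v) for k, v in fields.items()}

def group_by_bucket(reports):
    """Map BUCKET_ID -> dump names, so repeats of one failure collapse together."""
    buckets = defaultdict(list)
    for dump, text in reports.items():
        bucket = parse_analyze(text).get("BUCKET_ID", "<no bucket>")
        buckets[bucket].append(dump)
    return dict(buckets)

# Constructed sample output (not from a real dump); module and symbol are placeholders.
SAMPLE = """\
FAULTING_IP:
app!ParseHeader+2a
00007ff6`1c2a102a 8b01            mov     eax,dword ptr [rcx]

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction referenced memory that could not be read.

STACK_COMMAND:  ~0s ; .ecxr ; kb

BUCKET_ID:  NULL_POINTER_READ_app!ParseHeader+2a
"""

if __name__ == "__main__":
    parsed = parse_analyze(SAMPLE)
    for key in ("FAULTING_IP", "BUCKET_ID", "STACK_COMMAND"):
        print(key, "=>", parsed.get(key))
```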


AWS Personalize Duplicate Recommendations

I'm using AWS Personalize to recommend some products. There are 2 test users with totally different impressions data. Yet they are getting the same Recommendations (duplicate).
Anyone come across this issue? The 2 Users in this case have very different product impressions, so there should not be any overlap.
Thanks!
I had the same issue in the past. When recommendations are the same for different users, the issue is that your interaction events are being ignored/not recognised correctly.
AWS Personalize has a fixed recommendations set for users that haven't interacted with the items dataset yet. You can test it yourself by trying to get recommendations for a non-existing user (generate a uuid, for example). The recommended items will be the same as for the users that you spotted the issue for.
In our case, what we found out was that all of the interactions were not correctly recognised by Personalize. If you are using the PutEvents API to save events in realtime, it might fail silently if you set sessionId to 'null' instead of omitting this parameter. You will get a 200 OK response from the Personalize API, however the event won't be saved.
You can find out more about this in this GitHub issue, which was indeed closed and not resolved: https://github.com/aws/aws-sdk-js/issues/3371
If that's not the case for you, then I would strongly advise taking a closer look at the other PutEvents params, since they could also be causing similar behaviour. Try to experiment with a minimal PutEvents API call and be sure that it works (recommendations should change immediately for this user). When you are sure that your API call succeeds, try adding more of the stuff from the call that you normally use, until it breaks, so you know exactly which parameter is causing problems.

Looking for nomenclature & architecture ideas having to do with server via point of user-data exchange

I have been struggling to find a good architecture, or even any nomenclature for what I'm trying to do here. I'm looking for nomenclature so I can have a starting point for research. And I want the same for architecture, but I'll take whatever anyone wants to help with.
What I'm trying to do & learn about
In a nutshell I need my clients to exchange pub keys, and other security data such as ACL IDs, name etc.
Current architectural attempts
I'm currently using my server as a via point, mainly because I can't see any other way of doing this securely and this method uses many layers of security. I also don't know of any other method of going client app to app securely.
A client creates group and sends pub key to server, opens a live query to receive other users data. Other user (with secrets passed to user) queries server for pub key, then sends own data to admin user via server. Admin then sends remainder of own data. I'm leaving out trivial security details but this is the gist of what I'm doing.
Issues
This is really just logical back and forth, but I honestly don't know what I'm doing. I don't even know if what I'm doing is right or the best way, I've also got a crazy infinity loop I'm trying to solve.
I'm looking for some terminology, description and/or architectural pointers, I'll take any input I can get.
Forget terminology, nomenclature and architecture.
Define the problem you are trying to solve in a simple sentence.
Break down the issues into smaller pieces (bite size).
You send A data to server
What happens to the A data
Any feedback or acknowledgement from the target host?
What sort of application is this? Web, Mobile, traditional client/server?
The most elegant solutions are usually the simplest ones.
Sit down and determine whether you have a problem to solve in the first place.

Which exploit and which payload use?

Hi everyone and sorry for my bad English.
I'm learning penetration testing.
After reconnaissance and scanning of my target, I have enough information to pass to next phase.
Some info I have is open ports with related running services, names of the services, the services' versions, operating system of the device, firewalls used, etc.
I launched msfconsole.
I should find the correct exploit and payload, based on the information collected to gain access. I've read the Metasploit Unleashed guide on offensive-security. I've learned the Metasploit Fundamentals and the use of msfconsole.
But I don't understand the way to start all of this. Assuming that my target has 20 ports open, I want to test the vulnerability using an exploit payload that does not require user interaction. The possibilities of which exploit and payloads to use are now reduced, but are always too. Searching and testing all exploits and payloads for each port isn't good! So, if I don't know the vulnerability of the target, how do I proceed?
I would like to be aware of what I do, and not try without understanding.
Couple of things:
We have a stack exchange for security! Check it out at https://security.stackexchange.com/
For an answer: you want to look for "remote exploits", as those do not require user interaction. You can find a curated list of exploits here: https://www.exploit-db.com/remote/
You can search the services on this page for something that matches the same service/version as your attack vector.

Attempting to Create a User Login for Clojure / Korma / PostgreSQL site

I am completely stuck on where to start with getting a log-in area for a Clojure site I am building (for fun).
I've looked at several resources, which I'll post below, mercilessly copy/pasted code, and the closest I can get is one of two situations:
The login page takes the login but says that the login failed, though, as far as I can tell, the login matches.
Or I get this error: No method in multimethod '->sql' for dispatch value: null
I'm not sure how to interpret the above error: is this specifying that I need a multi-method or is it specifying that I need to check for null? The null requirement makes no sense at all. I'm not really asking but if anyone wants to give an explanation, that is great.
I tested the output by comparing the results-to-select queries from raw non-hashed data. I've gone through 5 variations on this theme, using everything from page-to-page calls to creating new defpartials, multi-methods, defn, etc.
Sources I have used (unfortunately, I can't list all of them being a first-time poster):
This one uses Clojure -> Korma -> PostgreSQL, but the code doesn't seem to work for multiple users?
http://www.vijaykiran.com/2012/01/17/web-application-development-with-clojure-part-2/
This one shows how to use Noir and PostgreSQL (Yes, I am using Noir):
https://yogthos.net:11794/blog/23-Noir+tutorial+-+part+2
The 4Clojure site, but that one uses CongoMongo:
The Heroku Twitter clone, but no mention of how to create logins for one person, much less several.
I also bought Programming Clojure from O'Reilly Press, but once again, nothing about how to create a log-in area.
FIRST EDIT: I was asked to create a github repository of a stand-alone site. This includes a working "Account Creation" area that is found in the welcome.clj file and only a form of the Login area in login.clj.
I was attempting to get some of the same errors working as I had last night and also attempting to get this working before I uploaded the files. I don't have any reasonable starting points yet, thus there is no beginning implementation as of yet. I'm seriously embarrassed at the solutions I've been coming up with, thus I don't want to post them. I get conceptually what I should do, but for some reason, I can't seem to translate this. This is my first github account: my background is Python, Scheme a'la SICP, and some Python + PostgreSQL marketing program I built.
SECOND EDIT: Ack! I can't seem to get the thing to work at all... Yeah, I spent well over 20 minutes (hours) on this one, so I just have to admit that I don't yet have the requisite knowledge to accomplish this, no matter how many sources I look to. I committed the updated files and all the odd things I tried, including all the variations on login box to running raw SQL. The closest I can come is getting it so that I don't get any errors, but no evidence at all that someone is logged in. Thanks so much for the help and suggestions. I'll most certainly return to this later.
https://github.com/dt1/noirKormaLogin
There are a couple of issues that I see. First, in datapass.clj, you're creating an entity with no content. I'm not sure how Korma handles that. It's trying to thread results as inputs to other functions, so I could see how nil gets introduced there.
Secondly, you'll need something to handle the login post. (defpage ...) only handles GET requests by default. You'll need a separate defpage to handle the post. Something along these lines:
(defpage [:post "/login"] {:keys [user-name pwd]}
  ;; Look up the account by the submitted user-name; nil means no such user
  (if-let [user (db/find-user user-name)]
    ;; Check the submitted password against the stored hash
    (if (noir.util.crypt/compare pwd (:password user))
      (do
        (noir.session/put! :some-key some-value)
        (noir.response/redirect "/success"))
      (noir.response/redirect "/failed-to-login"))
    (noir.response/redirect "/failed-to-login")))
session/put! is how you put data into the session. The default is to use an in-memory store. You'll need to add Ring middleware to use persistent sessions (look at Session Stores).
Also, as luck would have it, someone just posted an authentication app for Noir... you may want to take a look: https://github.com/xavi/noir-auth-app

Reading iPhones call, SMS and data usage

My team is currently in the feasibility phase of a 'usage meter' iPhone app. We would like to read the phone's total count of
Sent SMS
Made calls
Data sent and received
We are not after the call history like other posts or like this blog post reading the actual call logs (http://iosstuff.wordpress.com/2011/08/19/accessing-iphone-call-history/). All we need is the stats and how they change over the course of time.
As of iOS 4.0, it's no longer possible to do that call history trick described in the blog entry you posted there. Apple took away that "artefact of the implementation".
If you are a registered developer and have access to Apple's "private" dev forums (at https://devforums.apple.com), do a search on "call history" over the past year or two and you'll see Apple engineering attesting to that fact in the first few threads you'll find.
You'll probably want to file an enhancement request at http://bugreporter.apple.com, but I wouldn't expect a positive outcome immediately as this probably raises security and privacy issues.
As for network statistics, you can get per-interface stats via "getifaddrs" (man page linked for you). You get the list of addresses on that system, and then for each AF_LINK address, cast the ifa_data field to a (const struct if_data *) and access the interface statistics from there.
(There are also two caveats -- these stats are all reset to zero at startup time, and there's no easy way to tell which interface is cellular versus WiFi.)