In part 1 of this blog data was exfiltrated from a workstation to GitHub using Git.
In part 2, we’ll dive into investigating the data on a Windows 10 workstation to determine whether any sensitive data was exfiltrated to GitHub using Git.
The investigation focuses on analyzing traces left on the device, excluding network activity logs.
Continue reading →
When Maven needs to download artifacts from a remote repository, it logs the progress of the download. This can lead to a lot of noise in the output. Luckily, we can suppress the logging of the download progress. Since Maven 3.6.1. we can use the command-line option --no-transfer-progress
to disable the logging of the download progress. There is also a short version of the option: -ntp
.
Continue reading →
In a previous blog post we learned about the default input sources that are used by Helidon SE. The list of input sources is different based on which artifacts are on the classpath of our application. When we write tests for code in our application that uses the default configuration created by Config.create()
we must take into account that different input sources are used. Also here it is based on the artifacts that are on the classpath. That means that different files with configuration data are loaded, eg. a file application-test.conf
when we have the artifact helidon-config-hocon
and a file application-test.yml
if the artifact helidon-config-yaml
is on the classpath.
Continue reading →
Blogtober, een jaarlijks terugkerend initiatief waarin onze collega’s elke (werk)dag in oktober (veelal technische) blogs delen! Echt iets voor onze developers, mensen vanuit de inhoud, die hun kennis op deze manier met de wereld delen.
Tot vorige week mijn collega Erik Pronk als ‘geintje met een seintje’ liet vallen dat hij nog wacht op een blog van mij.
Mijn eerste gedachte: grappig, niks voor mij.
Mijn tweede gedachte: challenge accepted!
Continue reading →
In my previous blog post Prompt Engineering: Tool or Threat to Software Engineering?, I discussed what Prompt Engineering is and how it can be used to help us as software engineers.
In this follow-up blog I will dive into Claude 3, the latest AI from Anthropic, and how it can impact us as software engineers.
Continue reading →
In this two-part blog post, we’ll explore how data exfiltration to GitHub can be carried out from a Windows 10 workstation and how to investigate such incidents.
Part 1 focuses on how data can be exfiltrated using Git and GitHub.
In Part 2, we’ll dive into forensic techniques to retrieve evidence of data exfiltration and determine what was sent from the workstation.
Continue reading →
Misclicked and stumbled on this blog?
I can relate, every time using the UI of a cloud provider I’m always nervous I make errors in configuring my resources.
In answer to this DevOps is embracing GitOps, DevOps taking development best practices and applying them to infrastructure automation.
Continue reading →
If you run multiple batch updates in postgres, you may run into deadlocks.
We’ll look into why this happens and how we can prevent it.
Continue reading →
There are many ways to analyse and write down business needs and hand them over to developers for implementation.
In many cases knowledge and information gets lost in translation and/or developers don’t understand exactly what to build and come up with their own solutions and the scope gets bigger and bigger, also called scope creep.
So, how can we get to a shared understanding of the business needs and prevent scope creep?
Continue reading →