Protobuf Extraction, Analyze Private URLs & Audiolize React Performance


Summary of my bookmarked links and Github repositories from Mar 10th, 2024

Links

  • Reverse Engineering Protobuf Definitions From Compiled Binaries

    The blog post introduces "protodump," a CLI tool for extracting full protobuf source definitions from compiled binaries. It explains how the tool works and demonstrates it on a Go example. The strategy is to search program binaries for byte sequences that resemble serialized FileDescriptors and to reconstruct the protobuf definitions from them. The approach has limitations, but it proves effective for most binaries built with Google's protoc compiler. The author also invites readers to follow on Twitter for similar content.
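    As an added illustration of the search strategy the post describes (my own sketch, not protodump's code): a Python scanner that finds `.proto` name strings in a byte blob, accepts one only when it is preceded by the FileDescriptorProto `name` tag (0x0a) and a matching varint length, and then reads the `package` and `dependency` fields that follow. It assumes the descriptor is embedded uncompressed; the sample "binary" is constructed inline.

```python
import re

# Candidate file names; a hit counts only if the bytes before it look like a
# FileDescriptorProto `name` field (tag 0x0a followed by a varint length).
PROTO_NAME_RE = re.compile(rb'[A-Za-z0-9_./-]+\.proto')

def read_varint(buf, pos):
    """Decode a base-128 varint at buf[pos]; returns (value, position after it)."""
    value, shift = 0, 0
    while True:
        b = buf[pos]
        value |= (b & 0x7F) << shift
        pos += 1
        if not b & 0x80:
            return value, pos
        shift += 7

def encode_varint(n):
    out = bytearray()
    while n > 0x7F:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)

def length_delimited(field, data):
    """Wire-type-2 field: (field << 3 | 2), varint length, payload."""
    return bytes([(field << 3) | 2]) + encode_varint(len(data)) + data

def find_descriptors(blob):
    """Return [{'name', 'package', 'dependencies'}] for each plausible descriptor."""
    found = []
    for m in PROTO_NAME_RE.finditer(blob):
        name = m.group()
        lenbytes = encode_varint(len(name))
        start = m.start() - len(lenbytes) - 1
        if start < 0 or blob[start] != 0x0A or blob[start + 1:m.start()] != lenbytes:
            continue  # a plain string mentioning a .proto file, not a descriptor
        desc = {'name': name.decode(), 'package': '', 'dependencies': []}
        pos = m.end()
        while pos < len(blob) and blob[pos] in (0x12, 0x1A):  # field 2 / field 3
            tag = blob[pos]
            size, pos = read_varint(blob, pos + 1)
            value = blob[pos:pos + size].decode('ascii', 'replace')
            pos += size
            if tag == 0x12:
                desc['package'] = value
            else:
                desc['dependencies'].append(value)
        found.append(desc)
    return found

# Constructed sample: junk, one embedded descriptor prefix, and a bare
# ".proto" mention that must not be reported.
SAMPLE = (b'\x7fELF\x00junk' + length_delimited(1, b'api/user.proto')
          + length_delimited(2, b'acme.api')
          + length_delimited(3, b'google/protobuf/timestamp.proto')
          + length_delimited(4, b'\x0a\x04User')
          + b'\x00see readme.proto for details\x00')

if __name__ == '__main__':
    for d in find_descriptors(SAMPLE):
        print(d)
```

    Real binaries also carry the message and service definitions after these header fields, and older protoc-gen-go output gzips the whole descriptor; both are left out here.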

  • You can not simply publicly access private secure links, can you?

    Discover the hidden risks in popular malware/URL analysis tools such as urlscan.io, Hybrid Analysis, and Cloudflare Radar URL Scanner. Unintentional submissions of sensitive links, together with misconfigurations, expose private data, including files from cloud storage, corporate communications, and password reset links. Although these services are responsible for the content they host, they lack effective mechanisms to review and remove sensitive links. urlscan Pro offers broader access, but potential leaks persist. Threat hunters use canary tokens to identify automated submission sources. Users can flag links for removal, but the underlying problem remains, which calls for caution when using these services for threat intelligence.

Github repositories

  • kristiandupont/react-geiger

    React Geiger is a performance tool that "audiolizes" React issues, producing clicks for slow component rerenders. It is easily added by wrapping components, with options such as profilerId, renderTimeThreshold (default: 50ms), phaseOption ('mount', 'update', or 'both'), and enabled status. Use the enabled flag with caution, as React.Profiler is disabled in production builds by default. Check it out in action in the provided playground.