DEV Community: Jadi

Hacking Hidden Paths with ffuf - Web Fuzzing Made Simple

Jadi — Wed, 20 Aug 2025 22:03:04 +0000

A couple of weeks ago, someone emailed me some personal files and videos I have forgotten I have left somewhere on my VPS.

In this video I'll show a common tool for finding these files: ffuf

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs

Jadi — Sun, 31 Mar 2024 13:26:18 +0000

Recently a bad actor, implemented a backdoor is one of the most widely used libraries in GNU/Linux distors; the xz compression suit. This backdoor lets the attacker to execute system() calls with no authentication; an RCE attack.

It seems this bad actor; called "JiaT75" was planning for this during last 2 years and succeeded to do so after acquiring trust and becoming a trusted developer of the project.

In this video I will explain the attack and the background knowledge needed to understand it.

How systemd v255 will bring the dreaded Windows BSOD to GNU/Linux: A deep dive into the source code

Jadi — Sat, 09 Dec 2023 17:03:54 +0000

A technical look at the news of "Python moves to remove the GIL". Some coding & some source checking

Jadi — Mon, 28 Aug 2023 14:12:15 +0000

Python's usage exploded even when it was merely new; lacking lots of features. One main reason for this was its great integration with C libraries. Combine this with the possibility of using Threads and you will get your holy grail: and easy language with threads which can use C libraries! BUT! But python needed a Global Interpreter Lock to be able to run C Libraries in its threads.

In this video we will have a closer look at this concept. I will describe the necessity of GIL in Cpython and will show you why and how it is slowing down multi-threaded CPU hungry program. We will check the source code and will understand why both parties (defending and protesting the GIL removal) are claiming that the "You are slowing down Python!"

Sign your git commits, no-nonsense ! without “intro”, “why” & …

Jadi — Wed, 16 Aug 2023 07:37:34 +0000

I’m not going into “why you should sign” and blah blah to make this post longer. Most people are here because they needed to sign their commits and they searched (mainly my self future!).

First, check your keys. Signing with SSH keys is easier because most people already do have their ssh keys & are using them to login into the github. So check the ~/.ssh/ directory for a pair of id_rsa and id_rsa.pub (or any other format of the key you have).

Second, tell the git command to use them for signing. In my case it would be:

git config --global gpg.format ssh
git config --global user.signingkey /home/jadi/.ssh/id_rsa.pub

Obviously your directory will be different and you may want to omit the --global to set the configuration only for the project you are in.

Next, sign your commits with the -S switch:

git add this_file that_file
git commit -S -m 'This is a signed commit'

you already have a commit and you need to sign it? use the commit --amend -S

Last step is adding this signing key to your github account. Go to the https://github.com/settings/keys, add the public key (so /home/jadi/.ssh/id_rsa.pub) in my case and save it as a signing key. This will lead to a verified badge near your signed commits.

Done.

How to use SOAP/WSDL APIs using SoapUI & Python Zeep

Jadi — Sat, 01 Jul 2023 13:13:18 +0000

In our Agile / Mobile / "moderm" and fron/back life, we see lots of REST APIs. Using REST is straight forward if you know your HTTP, GET, Post, ...
But on the enterprise level, you will start seein SOAP and WSDL based APIs which look more confusing. Why? Because they are designed machines in mind and sometimes WSDL file is seen as the documentation and you wont get a human readable doc!
No worries... WSDL has whatever you need to work with your APIs. In this Post I'll show you how! Using SoapUI and the Zeep python library.

Managing users and groups in GNU/Linux

Jadi — Wed, 07 Jun 2023 15:27:32 +0000

We already know about the users and groups. In this module we will see how you can create new users / groups, how to modify them and how to delete them from the system. We will also have a look at some files who are playing important roles here and will cover a few less-seen commands like chage.

Part 1:

Part2:

Accessing and browsing blockchain using web3py python library

Jadi — Sat, 03 Jun 2023 06:00:50 +0000

This is from HeroCTF v5, Blockchain challenge called Arrest. It reads:

In the dim-lit confines of his room, a lone figure hunched over a computer screen. Known online as 'Swissy', he was one of the most notorious ransomware operators worldwide.
From his small apartment in a forgotten corner of Moscow, Swissy had wreaked havoc on the digital world, crippling entire industries with his ransomware attacks.
But tonight, his reign of terror ended abruptly. A sudden knock echoed through the room, followed by the splintering of the door as Russian FSB agents stormed in.
Swissy was arrested, but the real challenge was only beginning - tracing the syndicate behind him.
Find the address who funded the ransomware operator (0xf6c0513FA09189Bf08e1329E44A86dC85a37c176)

To solve it, I use web3py to connect to the blockchain and then will check for every block created from the beginning. There, I will check for transactions in the block and if there is any, I will check for its "to". If it matches, we will show the "from" (which is Swissy!).

IMO this can be a good intro if you are interested in using web3py and blockchain programming in general.