Easy Proof Omitted

A sink for random thoughts & experiments


Decorators let you attach new behaviour to a function without modifying its body. Python makes this easy because functions are first-class objects: they can be passed as arguments to, and returned from, other functions.

To put it in simple terms:

A decorator is a function that takes a function and returns a function.

They are used extensively in popular frameworks such as Flask.

Dummy Decorator

This is a simple decorator that prints a statement before and after a function is called.

Declare

def dec(f: Callable) -> Callable:
    def g(*args, **kwargs):
        print('Function starts')
        r = f(*args, **kwargs)
        print(f)  # print function name and location in memory
        print('Function ends')
        return r  # return result
    return g  # return the new "decorated" function

  • Line 1: We define the function that will become our decorator, dec, which takes a function f as its parameter. The Callable type hint comes from the typing module (from typing import Callable); hints are optional and not enforced by the interpreter.

  • Line 2: We define an inner function g that accepts whatever positional and keyword arguments f takes.

  • Line 3: An example of something that happens before f executes.

  • Line 4: Call f with all of its arguments and store the result in r.

  • Line 5: Print f, i.e. the original function's name and its location in memory.

  • Line 6: An example of something that happens after f executes.

  • Line 7: Return the result of f so the decorated function keeps working as intended.

  • Line 8: Return the new, decorated function g.

Usage

Now let's decorate a simple add function with the new decorator:

@dec
def add(x: float, y: float) -> float:
    return x + y

print(add(5, 6))
print(add)

Output

Function starts
<function add at 0x7f6735d528b0>
Function ends
11
<function dec.<locals>.g at 0x7f6735d52940>

The differing function name and memory address (lines 2 and 5 of the output) are discussed below under functools.wraps.

Timer Decorator

Here is a practical example: a decorator that measures how long a function takes to finish executing.

Declare

import time
from typing import Callable

def timer(f: Callable) -> Callable:
    def g(*args, **kwargs):
        t_start = time.monotonic()  # monotonic clock: unaffected by wall-clock adjustments
        r = f(*args, **kwargs)
        t_end = time.monotonic()
        print(f"It took {t_end - t_start} to execute \"{f.__name__}\" function")
        return r
    return g

Usage

Replace @dec with @timer, or stack several decorators on top of each other (the one closest to def is applied first):

@dec
@timer
def add(x: float, y: float) -> float:
    return x + y

print(add(5, 6))

Output

Function starts
It took 5.5779964895918965e-06 to execute "add" function
<function timer.<locals>.g at 0x7f1da16d2940>
Function ends
11
  • Line 1: Output of decorator @dec.
  • Line 2: Output of decorator @timer.
  • Line 3, 4: The rest of @dec's output.
  • Line 5: Output of function add.

Tracker Decorator

Suppose you want to record the output of different functions in a global set. This can serve as a very simple test harness.

Declare

from typing import Callable

STATE = set()

def track(f: Callable) -> Callable:
    def g(*args, **kwargs):
        r = f(*args, **kwargs)
        # kwargs is a dict and therefore unhashable; store it as a sorted tuple of items
        t = (f.__name__, args, tuple(sorted(kwargs.items())), r)
        STATE.add(t)
        return r
    return g

Not much different from the previous decorators; it only adds a tuple containing the function name, positional arguments, keyword arguments and result to a global set called STATE.

Usage

@track
def add(x: float, y: float) -> float:
    return x + y

print(add(5, 6))
print(add(3, 7))
print(add(11, 17))
print(add)
print(sorted(STATE))  # sets have no stable order, so sort before printing

assert STATE == {('add', (5, 6), (), 11), ('add', (3, 7), (), 10), ('add', (11, 17), (), 28)}
print('All tests passed successfully')

If the assertion fails, the interpreter halts execution and raises an AssertionError. Keep in mind that assert statements are stripped when Python runs with -O, so they are fine for tests but must never be the only thing enforcing a security check.

Output

11
10
28
<function track.<locals>.g at 0x7f01e1b399d0>
[('add', (3, 7), (), 10), ('add', (5, 6), (), 11), ('add', (11, 17), (), 28)]
All tests passed successfully

functools.wraps

Because a decorator returns a new function, the decorated name now refers to the inner wrapper g: a different object, with a different __name__, __qualname__, __doc__ and memory address. That confuses debuggers, documentation tools and anything else that introspects the function.

To keep the original name and docstring, apply wraps from functools to the inner function:

from functools import wraps
from typing import Callable

def dec(f: Callable) -> Callable:
    @wraps(f)  # copies __name__, __qualname__, __doc__, __module__ and sets g.__wrapped__ = f
    def g(*args, **kwargs):
        print('Function starts')
        r = f(*args, **kwargs)
        print(f)  # print function name and location in memory
        print('Function ends')
        return r  # return result
    return g
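Here is an added example (not code from the original post) that pulls the pieces together: a decorator factory, i.e. a decorator that takes its own arguments, built with functools.wraps. It uses a constructed Context object and a hypothetical requires_role check to show two things the text above only hints at: wraps keeps the decorated function's name and docstring intact, and it also sets __wrapped__, which hands any in-process caller the undecorated function. A decorator is therefore a convenient place to put a check, not a trust boundary.

```python
from functools import wraps
from typing import Callable, Iterable


class Context:
    """Constructed stand-in for a request/session context carrying the caller's roles."""

    def __init__(self, roles: Iterable[str]):
        self.roles = frozenset(roles)


def requires_role(role: str) -> Callable[[Callable], Callable]:
    """Decorator factory: the returned decorator only calls f when the Context passed
    as first argument carries `role`; otherwise it raises PermissionError."""

    def decorator(f: Callable) -> Callable:
        @wraps(f)  # copy __name__, __qualname__, __doc__, __module__; set __wrapped__
        def g(ctx: Context, *args, **kwargs):
            if role not in ctx.roles:
                raise PermissionError(f"{f.__name__} requires role {role!r}")
            return f(ctx, *args, **kwargs)

        return g

    return decorator


@requires_role("admin")
def reset_password(ctx: Context, user: str) -> str:
    """Reset the password of `user` (hypothetical action)."""
    return f"password for {user} reset"


def metadata(func: Callable) -> tuple:
    """What introspection sees: name, docstring, and whether __wrapped__ is present."""
    return (func.__name__, func.__doc__, hasattr(func, "__wrapped__"))


def call_as(roles: Iterable[str], user: str) -> str:
    """Invoke the decorated function on behalf of a caller holding `roles`."""
    try:
        return reset_password(Context(roles), user)
    except PermissionError:
        return "denied"


def bypass(user: str) -> str:
    """__wrapped__ returns the undecorated function, so code running in the same
    process can skip the role check entirely."""
    return reset_password.__wrapped__(Context([]), user)


if __name__ == "__main__":
    print(metadata(reset_password))   # name and docstring survive thanks to wraps
    print(call_as(["admin"], "bob"))  # allowed
    print(call_as(["viewer"], "bob")) # denied
    print(bypass("bob"))              # check skipped via __wrapped__
```

Without @wraps(f) the first print would show 'g' and the wrapper's (empty) docstring, which is exactly what the output of the earlier Dummy Decorator demonstrated.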

Every once in a while I check my email's spam folder for entertaining phishing attempts, and I stumbled upon one that was rather interesting:

Title: [Some old password]

Actually, I placed a virus on the xXx vids (sex sites) site & guess what, you visited this web site to have fun. While you were viewing videos, your web browser started working as a Remote Desktop having a keylogger which gave me accessibility to your display and also cam recording.
Just after that, my software collected all your contacts from your Messenger, social networks, and email.
[Some old password] is one of your passwords.
if you send me $986 as a donation through Bitcoin, I will erase the recording immediately.
(search for in Google "how to buy bitcoin"). my BTC Address: [A brand new bitcoin wallet address with zero transactions]
If I don't get the BitCoins in 24hrs, I will definately send your video to all of your contacts, don't.reply to this email it's hacked. WxEQ

It goes without saying that this is "definately"¹ nonsense, yet you might ask how the sender got hold of the old password.

The answer is one of the many data breaches that happen every few months. Almost every major company has suffered a breach at some point (Adobe, Dropbox, LinkedIn, ...), and you can check whether your email address appears in a public dump using one of the following services:

have i been pwned?

have i been pwned? checks whether you have an account that has been compromised in a data breach and offers to notify you if your email appears in any future public account dump or spam list.

Hacked Emails

Hacked Emails is very similar to have i been pwned? but requires email verification before checking your address against its database of public data breaches.

DeHashed

DeHashed is similar to the other services but takes the process one step further by offering a cheap subscription plan that lets anyone retrieve the publicly leaked plaintext passwords for any email address.
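The services above look up an e-mail address. Have I Been Pwned also lets you check a password itself without ever sending it: the client hashes the password with SHA-1 and transmits only the first five hex characters of the hash to https://api.pwnedpasswords.com/range/<prefix>; the service answers with every hash suffix it knows for that prefix, and the match is done locally (k-anonymity). The following is an added example, not code from the original post. The response text is constructed to illustrate the format, and the counts and the other suffixes in it are made up.

```python
import hashlib
from typing import Tuple


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 of `password` into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(prefix: str) -> str:
    """URL of the k-anonymity range endpoint for a given 5-char prefix."""
    return f"https://api.pwnedpasswords.com/range/{prefix}"


def breach_count(password: str, range_response: str) -> int:
    """Given the body returned for the password's prefix (one "SUFFIX:COUNT" per line),
    return how often the password appeared in breaches, or 0 if it did not."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Live lookup (needs network access). Only the 5-char prefix is transmitted."""
    from urllib.request import urlopen
    with urlopen(range_url(prefix), timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response for prefix 5BAA6, the prefix of sha1("password").
# Only the middle suffix is real (the rest of that hash); the counts and the
# other two suffixes are invented for this example.
SAMPLE_RESPONSE = """\
0123456789ABCDEF0123456789ABCDEF012:7
1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345
FEDCBA9876543210FEDCBA9876543210FED:2
"""

if __name__ == "__main__":
    prefix, _ = sha1_prefix_suffix("password")
    print(prefix, range_url(prefix))
    print(breach_count("password", SAMPLE_RESPONSE))
    # For a real check replace SAMPLE_RESPONSE with fetch_range(prefix).
```

Any count above zero means the password is in the public corpus and must not be used anywhere; for an old, already-leaked password like the one quoted in the e-mail that is exactly what you would expect to see.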

If you receive a similar email, just ignore it. If the quoted password is still in use anywhere, though, change it everywhere it was reused and turn on two-factor authentication: the extortion is fake, but the leaked credential is real.


  1. The misspelling was intentional.

Since its foundation in 2015, Jupyter notebooks have become the de facto standard for data manipulation and visualization. You can write code and annotate it with Markdown, HTML or even LaTeX.

Jupyter notebooks are not only for Python: you can install additional community-supported kernels for other programming languages such as JavaScript, Scala or even C++ (yes, even compiled languages).

Google Colab

Google offers limited CPU, GPU and TPU time on their infrastructure free of charge.

At the time of writing, they offer:

  • 12GB RAM
  • 1 CPU
  • NVIDIA Tesla K80
  • TPU

Open Google Drive and, from the right-click menu, choose More -> Connect more apps.

Search for Google Colaboratory.

Now you can create new notebooks in your Google Drive.

You can also access your Google Drive files from inside the notebook, but first you have to mount the drive.

On left sidebar click on Files -> Mount Drive.

Paperspace

Under their Gradient° offering, Paperspace provides more generous notebooks for a shorter session (6 hours); you can start a new one after the previous one expires, subject to available resources.

Make sure to keep all your work in the storage folder so that your changes persist across notebooks.

At the time of writing, they offer:

  • 30 GB RAM
  • 8 CPU
  • NVIDIA Quadro P5000

Your Own Server

You can always rent a server from any cloud provider and customise it to your taste (and budget).

Here is a step-by-step guide to setting up a notebook server:

After installing Python on your server, install JupyterLab through pip:

$ pip install jupyterlab

Or download and install Anaconda, which comes with Jupyter pre-installed:

$ wget https://repo.anaconda.com/archive/Anaconda3-YYYY.MM-Linux-x86_64.sh

Make the script executable:

$ chmod +x Anaconda3-YYYY.MM-Linux-x86_64.sh

Run it:

$ ./Anaconda3-YYYY.MM-Linux-x86_64.sh

A very helpful wizard will ask you to accept the license and choose a location for the install directory.

Be careful not to hit ENTER mindlessly. The last question asks whether to add the install location to your $PATH environment variable; the default is no, but I recommend typing yes.

Do you wish the installer to initialize Anaconda3
by running conda init? [yes|no]
[no] >>> yes

If you answered no, add Anaconda's bin directory to the front of $PATH. In my case Anaconda was installed in /root/anaconda3, so the directory containing the executables is /root/anaconda3/bin. (Running everything as root is convenient on a throwaway box, but remember that any code executed in a notebook then runs as root; on anything long-lived, create a dedicated unprivileged user for Jupyter.)

 $ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

$ export PATH=/root/anaconda3/bin:$PATH

If typing jupyter in your terminal prints the usage instructions, everything so far is working as intended.

Next step is to generate a jupyter config file.

$ jupyter notebook --generate-config

This creates a config file called jupyter_notebook_config.py in ~/.jupyter/. Open it with your favourite text editor and uncomment and edit the settings below. (On newer installs based on Jupyter Server the options live under c.ServerApp instead of c.NotebookApp.)

allow_origin controls which web origins the browser may use to talk to the server (CORS). Setting it to '*' allows any origin, not just localhost; only do this if you really need cross-origin access, because any web page your browser visits could then issue requests to your notebook server. Otherwise leave it at its default (same origin only).

c.NotebookApp.allow_origin = '*'  # only if you genuinely need cross-origin access

Change allow_remote_access from False to True, unless you intend to reach the notebook only through an SSH tunnel (in which case connections arrive from localhost and the default is fine).

c.NotebookApp.allow_remote_access = True

You can open an SSH tunnel from an already running session, without reconnecting, using the client's escape sequence (sometimes called the SSH Konami code):

  1. Press ENTER so that you are at the start of a fresh line (the escape character is only recognised there).
  2. Type a tilde (~): hold SHIFT and press the tilde key.
  3. Type a capital C.

A special ssh> prompt appears:

ssh> help

Commands:
-L[bind_address:]port:host:hostport Request local forward
-R[bind_address:]port:host:hostport Request remote forward
-D[bind_address:]port Request dynamic forward
-KL[bind_address:]port Cancel local forward
-KR[bind_address:]port Cancel remote forward
-KD[bind_address:]port Cancel dynamic forward

The following forwards port 8888 on your machine to port 8888 on the server (localhost as seen from the server), so the notebook becomes reachable at http://localhost:8888 in your local browser:

ssh> -L 8888:localhost:8888

Note that OpenSSH 9.2 and later disable the ~C command line by default; either enable it with EnableEscapeCommandline yes in ~/.ssh/config, or request the forward when you connect: ssh -L 8888:localhost:8888 user@server.


Serving the notebook over HTTPS is strongly recommended. There are two ways to obtain a certificate:

  1. Generate a self-signed certificate. Your browser will show a warning on every visit, since it does not recognise the issuer:
     $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mykey.key -out mycert.pem

  2. Get a free certificate from Let's Encrypt; their certbot tool automates issuance and renewal.

  3. Then point the config at the certificate and key files. client_ca is only needed if you want to authenticate browsers with TLS client certificates; otherwise leave it empty.

c.NotebookApp.certfile = ''
c.NotebookApp.client_ca = ''
...
c.NotebookApp.keyfile = ''

Let the server accept connections on all interfaces instead of just localhost (recent versions prefer '0.0.0.0' over '*'):

c.NotebookApp.ip = '*'

The port the notebook server will listen on.

Use port 443 only if you have configured a certificate, i.e. the server actually speaks HTTPS. On plain HTTP (port 80) the login token and your password travel over the network in clear text.

c.NotebookApp.port = 80  # (443 with TLS)

Here you can specify a directory as the starting point for your notebooks. I like to create a workspace folder and keep everything in it.

This makes backups easy, since there is only one directory to worry about.

c.NotebookApp.notebook_dir = ''  # (e.g. /root/workspace)

We don't need a browser tab to open (on the server side) whenever we run jupyter.

c.NotebookApp.open_browser = False

If multiple people are going to use this notebook server, disable the Quit button to avoid accidental shutdowns:

c.NotebookApp.quit_button = False
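Putting the settings above together, here is a hardened jupyter_notebook_config.py with the weak choices from the walkthrough shown in comments beside the safer equivalent. This is an added example, not the page's original config: the certificate paths, working directory and password hash are placeholders you must replace, and on installs based on Jupyter Server the prefix is c.ServerApp instead of c.NotebookApp.

```python
# ~/.jupyter/jupyter_notebook_config.py  (added example; `c` is provided by Jupyter)

# Weak:  c.NotebookApp.allow_origin = '*'
# Any web page the browser visits could talk to the server. Leave the default
# (same origin) unless a specific front-end on another origin needs access.

# Weak:  c.NotebookApp.ip = '*' together with c.NotebookApp.port = 80
# Listening on every interface is fine, but only over TLS; on port 80 the login
# token and password cross the network in clear text.
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.port = 443
c.NotebookApp.certfile = '/etc/letsencrypt/live/notebook.example.org/fullchain.pem'  # placeholder path
c.NotebookApp.keyfile = '/etc/letsencrypt/live/notebook.example.org/privkey.pem'     # placeholder path
c.NotebookApp.allow_remote_access = True

# Weak:  relying on the one-time token URL and setting the password later in the UI.
# Generate the hash up front with:  python -c "from notebook.auth import passwd; print(passwd())"
c.NotebookApp.password = 'argon2:REPLACE_WITH_OUTPUT_OF_passwd()'  # placeholder

# Weak:  running as root with the default allow_root=False bypassed via --allow-root.
# Keep root refused and run the server under a dedicated unprivileged account.
c.NotebookApp.allow_root = False

c.NotebookApp.notebook_dir = '/home/jupyter/workspace'  # placeholder
c.NotebookApp.open_browser = False
c.NotebookApp.quit_button = False
```

With a password hash in the config the token step described below is skipped and the login page asks for the password straight away.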

Change anything else according to your needs, save the file, start Jupyter and copy the token from its output:

$ jupyter notebook
...
http(s)://[ip]:[port]/?token=[token]
...

Open your server's address in a browser and you will be asked for the token. Paste it into the Setup a Password section at the bottom of the page and choose a new password.

Later on, the server will only ask you for the password.

Congratulations, your own jupyter server is ready.

Go create notebooks that will change the world.

System for the automated classification of white blood cells (leukocytes). Input is a WBC image and the output is the class of the given image.

You can download the LISC (Leukocyte Images for Segmentation and Classification) database from the following link: http://users.cecs.anu.edu.au/~hrezatofighi/Data/Leukocyte%20Data.htm

An example of each of the five classes of white blood cell is shown in the following figure:

Phase 1: Segmentation

Load a random specimen as HSV

Several colour spaces were tested (RGB, LAB, LIN); HSV turned out to be the most suitable for this task.

img = rgb2hsv(imread('specimen.bmp'));
% Extract the second layer (saturation)
layer = img(:, :, 2);
imshow(layer);

Figure: original RGB sample (left) and the saturation layer of its HSV representation (right).

Isolate nucleus

The method was to carefully increment the threshold until an optimal segment was found.

The value below is the result of that iterative process over a large sample, tuned to extract the nucleus:

nucleusThreshold = 0.3686;
p1 = layer > nucleusThreshold;
imshow(p1);

Prune nucleus

Small unwanted artifacts are removed by a morphological opening with a disk-shaped structuring element of radius 8:

se = strel('disk', 8);
p1 = imopen(p1, se);

Isolate surrounding fluid

The surrounding fluid is essential for telling the variants of white blood cells apart.

The same procedure used for the nucleus isolates the fluid, with a lower threshold:

fluidThreshold = 0.0980;
p2 = layer > fluidThreshold;
imshow(p2);

Prune fluid

As with the nucleus, artifacts are removed by an opening with a disk structuring element, this time of radius 28:

se = strel('disk', 28);
p2 = imopen(p2, se);
imshow(p2);

Merge nucleus with fluid

Here the fluid is given a distinct grey level (150) and then added to the nucleus mask:

p1 = im2uint8(p1);
p2 = im2uint8(p2);
p2(p2 == 255) = 150;  % distinguish fluid from nucleus
imshow(p1 + p2);      % combine components

Examples

SAMPLE_SIZE = 6;
for i = 1:SAMPLE_SIZE
    res = imread('samples/' + string(i) + '_res.png');
    ref = imread('samples/' + string(i) + '_expert.bmp');
    % figure, imshowpair(res, ref, 'montage');
    figure;  % new window per sample, before plotting into it
    subplot(1, 2, 1), imshow(res);
    subplot(1, 2, 2), imshow(ref);
end

Figure: segmenter output (left) next to the expert ground truth (right).

Phase 2: Feature Extraction

Deep learning is a machine learning technique that learns useful representations and features directly from images. A CNN learns these features automatically, from generic low-level features such as edges and corners all the way up to features specific to the problem.

Such networks not only perform the classification but also learn to extract the features from the image, eliminating the need for manual feature extraction.

Instead of training a CNN from scratch, we use a pre-trained model (VGG-19) as an automatic feature extractor and fine-tune it, an approach known as transfer learning.

VGG-19 has been trained on over a million images and can classify images into 1000 object categories (such as keyboard, coffee mug, pencil, and many animals).

The network has learned rich feature representations for a wide range of images. It takes an image as input and outputs a label for the object in the image together with the probabilities for each of the object categories.

Here is a demonstration of fine-tuning a pre-trained VGG-19 CNN to classify the LISC image database.

Training Model

%% Load Dataset
dsTrain = imageDatastore('train', 'IncludeSubfolders', true, ...
    'LabelSource', 'foldernames');
dsValidate = imageDatastore('validate', 'IncludeSubfolders', true, ...
    'LabelSource', 'foldernames');
%% Resize Dataset
augTrain = augmentedImageDatastore([224 224], dsTrain);
augValidate = augmentedImageDatastore([224 224], dsValidate);
%% Load VGG-19 network
net = vgg19();
analyzeNetwork(net)
%% Replace last layers
layersTransfer = net.Layers(1:end-3);  % drop fc8, softmax and the output layer
numClasses = numel(categories(dsTrain.Labels));

layers = [
    layersTransfer
    fullyConnectedLayer(numClasses, 'WeightLearnRateFactor', 20, ...
        'BiasLearnRateFactor', 20)
    softmaxLayer
    classificationLayer];

%% Network options
options = trainingOptions('sgdm', ...
    'MiniBatchSize', 10, ...
    'MaxEpochs', 6, ...
    'InitialLearnRate', 1e-4, ...
    'Shuffle', 'every-epoch', ...
    'ValidationData', augValidate, ...
    'ValidationFrequency', 3, ...
    'Verbose', false, ...
    'Plots', 'training-progress');
%% Train Network
vgg19LISC = trainNetwork(augTrain, layers, options);

Layers Details

| Layer | Name | Type | Description |
|---|---|---|---|
| 1 | input | Image Input | 224x224x3 images with 'zerocenter' normalization |
| 2 | conv1_1 | Convolution | 64 3x3x3 convolutions with stride [1 1] and padding [1 1 1 1] |
| 3 | relu1_1 | ReLU | ReLU |
| 4 | conv1_2 | Convolution | 64 3x3x64 convolutions with stride [1 1] and padding [1 1 1 1] |
| 5 | relu1_2 | ReLU | ReLU |
| 6 | pool1 | Max Pooling | 2x2 max pooling with stride [2 2] and padding [0 0 0 0] |
| 7 | conv2_1 | Convolution | 128 3x3x64 convolutions with stride [1 1] and padding [1 1 1 1] |
| 8 | relu2_1 | ReLU | ReLU |
| 9 | conv2_2 | Convolution | 128 3x3x128 convolutions with stride [1 1] and padding [1 1 1 1] |
| 10 | relu2_2 | ReLU | ReLU |
| 11 | pool2 | Max Pooling | 2x2 max pooling with stride [2 2] and padding [0 0 0 0] |
| 12 | conv3_1 | Convolution | 256 3x3x128 convolutions with stride [1 1] and padding [1 1 1 1] |
| 13 | relu3_1 | ReLU | ReLU |
| 14 | conv3_2 | Convolution | 256 3x3x256 convolutions with stride [1 1] and padding [1 1 1 1] |
| 15 | relu3_2 | ReLU | ReLU |
| 16 | conv3_3 | Convolution | 256 3x3x256 convolutions with stride [1 1] and padding [1 1 1 1] |
| 17 | relu3_3 | ReLU | ReLU |
| 18 | conv3_4 | Convolution | 256 3x3x256 convolutions with stride [1 1] and padding [1 1 1 1] |
| 19 | relu3_4 | ReLU | ReLU |
| 20 | pool3 | Max Pooling | 2x2 max pooling with stride [2 2] and padding [0 0 0 0] |
| 21 | conv4_1 | Convolution | 512 3x3x256 convolutions with stride [1 1] and padding [1 1 1 1] |
| 22 | relu4_1 | ReLU | ReLU |
| 23 | conv4_2 | Convolution | 512 3x3x512 convolutions with stride [1 1] and padding [1 1 1 1] |
| 24 | relu4_2 | ReLU | ReLU |
| 25 | conv4_3 | Convolution | 512 3x3x512 convolutions with stride [1 1] and padding [1 1 1 1] |
| 26 | relu4_3 | ReLU | ReLU |
| 27 | conv4_4 | Convolution | 512 3x3x512 convolutions with stride [1 1] and padding [1 1 1 1] |
| 28 | relu4_4 | ReLU | ReLU |
| 29 | pool4 | Max Pooling | 2x2 max pooling with stride [2 2] and padding [0 0 0 0] |
| 30 | conv5_1 | Convolution | 512 3x3x512 convolutions with stride [1 1] and padding [1 1 1 1] |
| 31 | relu5_1 | ReLU | ReLU |
| 32 | conv5_2 | Convolution | 512 3x3x512 convolutions with stride [1 1] and padding [1 1 1 1] |
| 33 | relu5_2 | ReLU | ReLU |
| 34 | conv5_3 | Convolution | 512 3x3x512 convolutions with stride [1 1] and padding [1 1 1 1] |
| 35 | relu5_3 | ReLU | ReLU |
| 36 | conv5_4 | Convolution | 512 3x3x512 convolutions with stride [1 1] and padding [1 1 1 1] |
| 37 | relu5_4 | ReLU | ReLU |
| 38 | pool5 | Max Pooling | 2x2 max pooling with stride [2 2] and padding [0 0 0 0] |
| 39 | fc6 | Fully Connected | 4096 fully connected layer |
| 40 | relu6 | ReLU | ReLU |
| 41 | drop6 | Dropout | 50% dropout |
| 42 | fc7 | Fully Connected | 4096 fully connected layer |
| 43 | relu7 | ReLU | ReLU |
| 44 | drop7 | Dropout | 50% dropout |
| 45 | fc | Fully Connected | 5 fully connected layer (replaced: one output per WBC class) |
| 46 | softmax | Softmax | softmax |
| 47 | classoutput | Classification Output | crossentropyex with 'baso' and 4 other classes |

Training Result

Using Model

%% Load Existing Model
load('vgg19LISC.mat');

sample = imread('sample');
sample = imresize(sample, [224 224]);  % don't forget to resize the sample to the input size
label = classify(vgg19LISC, sample)    % predicted WBC class

Repository

Code, training and validating datasets used are available here.

Zhone ADSL2+ 4P Bridge & Router (Broadcom)

References (Source): http://www.vulnerability-lab.com/get_content.php?id=1591

Download: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip

Release Date: 2015-09-03

Vulnerability Laboratory ID (VL-ID): 1591

Common Vulnerability Scoring System: 8.8

Product & Service

At Zhone, Bandwidth Changes Everything™ is more than just a tag line. It is our focus, our fundamental belief and philosophy in developing carrier and enterprise-grade fiber access solutions for our customers ensuring bandwidth is never a constraint in the future!

(Copy of the Vendor Homepage: http://www.zhone.com/support/ )

Abstract Advisory Information

2015-09-03: Public Disclosure (Vulnerability Laboratory)

Discovery Status: Published

Affected Product(s): Zhone ADSL2+ 4 Port Bridge (Broadcom) & Zhone ADSL2+ 4 Port Router (Broadcom), model 6218-I2-xxx, firmware 03.02.20

Exploitation Technique: Remote

Severity Level: High

Technical Details

An authentication bypass vulnerability has been discovered in the official Zhone ADSL2+ 4 Port Wireless Bridge & Router (Broadcom) firmware. It allows remote attackers to bypass the authentication procedure and compromise the device or its service interface.

The first issue is missing session validation when the pvccfg.cgi, dnscfg.cgi and password.cgi pages are requested via GET (including from outside the local network). An attacker can reconfigure the device through these pages and thereby compromise it.

The second issue lies in the access rights of the backupsettings.conf file. A remote attacker can retrieve the device's backup settings with a single curl request; the information disclosed this way allows an easy take-over of the device.

The security risk of both vulnerabilities is rated high with a CVSS score of 8.8. Exploitation requires no privileged application user account and no user interaction; successful exploitation results in a compromise of the device.

Request Method(s):
[+] GET

Vulnerable Model(s):
[+] Zhone ADSL2+ 4 Port Bridge (Broadcom)
[+] Zhone ADSL2+ 4 Port Router (Broadcom)

Affected Firmware:
[+] 03.02.20

Product Name:
[+] 6218-I2-xxx

Proof of Concept

The vulnerabilities can be exploited by remote attackers without a privileged device user account or user interaction. To reproduce them, follow the steps below.

PoC: #1

http://[LOCALHOST]:?/pvccfg.cgi
http://[LOCALHOST]:?/dnscfg.cgi
http://[LOCALHOST]:?/password.cgi (in addition, this page stores sensitive information in plain text!)

Note: the pages above can be reached without any authentication to the interface.

PoC: #2

curl "http://<IP>/backupsettings.conf" -H "Authorization: Basic dXNlcjp1c2Vy"

("dXNlcjp1c2Vy" is "user:user" in base64)

Note: the backup configuration of the DSL router can be obtained with any user account, including the low-privileged one used above.

Security Risk

The security risk of the both vulnerabilities in the bridge and wireless router interface is estimated as high. (CVSS 8.8)