This blog is about software security, cryptography, software engineering, ponies and whatever lies in between. If you're unsure what to read, start with the starred articles!
- Dusty File: Padlet Server-Side Request Forgery
In the first installment of the Dusty Files series, we look at the discovery and exploitation of an SSRF in Padlet.
- ★ Cracking Phobos UUID
The standard D library provides a random UUID implementation that relies on regular pseudo-random number generation and is not cryptographically secure. We show how this can be exploited in practice to predict future UUIDs.
- Review of the D library Crypto
Crypto is a cryptography library for the D programming language. I performed a review of the implementation of RSA that showed many issues. This article discusses these issues in detail.
- Stirling mug top
Stirling engines are simple, safe and dependable. What if we used them to transform our tea into phone chargers?
- ★ HPLIP Privilege Escalation
Study of a file-based privilege escalation in HPLIP. Writable directories are still a liability!
- Opening combination locks
Got a 3 or 4 digit combination lock that you can't open? Not anymore! Here are a few tips and tricks to open almost any combination lock you may find.
- Dirduster: short presentation
My web directory bruteforcing tool is finally feature complete after some years of development and professional use. Here's a short presentation of its goals and usage.
- How to size a hash? More mental calculations
Determining the right size of hash to use to avoid collisions can be tricky, but it's easier than it sounds with the right mental trick.
- ★ Breaking dependencies with Github account takeover
Let's raise Github projects back from the dead to take control of hundreds of Dub, Go and AUR packages!
- Mental calculations for IT professionals
We've lost the habit of performing mental calculations and estimates since we started working with computers. I'd like to show that it's really not hard and actually very useful, here by estimating the time needed to crack a key.
- Docker for pentesters
Docker is generally presented as a developer tool, but it can be very useful to security professionals too! Let's see how easy it can be to use in that regard.
- Internal Penetration Tests
Asked to perform an internal pentest with no clue where to start? Here's a guideline that you might find useful.
- VBS Reverse Shell
P0wning a Windows box without PowerShell? Easy with VBS!
- D sightseeing: crc32
Let's have a glance at a real although very short D program to discuss some of its features.
- SSL/TLS Configuration Recommendations
How to configure SSL/TLS on your server in order to make it secure? Here is the way to do it quickly and cleanly.
- Hacking the simplest database
Julia Evans proposed the simplest database; let's take it down! A case study of simple file manipulations in bash.
- Fixing video noise with sox
How to use sox for something simple and practical: fixing the noise in a YouTube video.
- ★ Why we need authenticated cryptography
Simple demonstration of how an attacker could tamper with an encrypted message to his benefit without ever decrypting it in the absence of message authentication.
- ★ Weaponizing Excel Webservice
Excel formula injections are common in programs generating XLS files, but are often considered harmless. This article discusses a new technique that greatly improves the Red Team's situation.
- Privilege Escalations
How to identify flawed resource management leading to privilege escalation. Part of the Fast Security Source Code Review series.
- Fast Security Source Code Review
Introduction to the main concepts behind a fast security review. Intended for developers as well as pentesters.
- How secure is unpredictableSeed?
D's unpredictableSeed is sometimes used to compensate for the lack of a CSPRNG in the standard library. But how secure is that really?
- Crypter writeup
"A file was encrypted. You have the encryption software and an encrypted file. Decrypt that file." Detailed writeup using radare2.
- Exploiting Gource
Improvised code review of the Gource git repository viewer. It is meant as a way to show how one can perform quick and targeted code reviews.
- Let's build an Object System!
What makes an object system tick? What does it mean to be object oriented? What are classes really?
- Mail.local et TOCTTOU
A detailed explanation of exploiting a SUID root program through a TOCTTOU to obtain a privilege escalation.
- How does who work?
Strace is a powerful tool, but one that can be difficult to handle. We therefore look at a concrete case by studying how the "who" command works.
- Puppy writeup
Someone on IRC proposed a small steganography challenge yesterday. Today's victim? A puppy that, we are told, holds secrets.
- Introduction to the ed text editor
Ed is a powerful editor, but terribly disconcerting at first. This article presents the essential commands, and a bit more, to get off to a good start with the Editor.
- Shell streams and redirections
Shell streams are the most powerful feature of bash. Knowing about redirections is a key step toward efficient use of the command line.