Welcome!

This blog is about software security, cryptography, software engineering, ponies and whatever lies in between. If you're unsure what to read, start with the starred articles!

Recent articles

October 2023

Breaking Grandpa: A look at RFC 1004

Where we find a novel attack against a very very old authentication protocol with the help of Verifpal.

May 2022

Dusty File: Padlet Server-Side Request Forgery

First installment of the Dusty Files series, we look at the discovery and exploitation of a SSRF in Padlet.

August 2020

★ Cracking Phobos UUID

The standard D library provides a random UUID implementation that relies on regular pseudo-number generation and is not cryptographically secure. We show how this can be exploited in practice to predict future UUIDs.

June 2020

Review of the D library Crypto

Crypto is a cryptography library for the D programming language. I performed a review of the implementation of RSA that showed many issues. This article discusses these issues in details.

Stirling mug top

Stirling engines are simple, safe and dependable. What if we used them to transform our tea into phone chargers?

December 2019

★ HPLIP Privilege Escalation

Study of a file-based privilege escalation in HPLIP. Writable directories are still a liability!

June 2019

Opening combination locks

Got a 3 or 4 digit combination lock that you can't open? Not anymore! Here are a few tips and tricks to open almost any combination lock you may find.

Dirduster: short presentation

My web directory bruteforcing tool is finally feature complete after some years of development and professional use. Here's a short presentation of its goals and usage.

March 2019

How to size a hash? More mental calculations

Determining the right size of hash to use to avoid collisions can be tricky, but it's easier than it sounds with the right mental trick.

June 2018

★ Breaking dependencies with Github account takeover

Let's raise Github projects back from the dead to take control of hundreds of Dub, Go and AUR packages!

April 2018

Mental calculations for IT professionals

We've lost the habit to perform mental calculations and estimates since working with computers. I'd like to show that it's really not hard and actually very useful, here by estimating the time needed to crack a key.

February 2018

Docker for pentesters

Docker is generally presented as a developer tool, but it can be very useful to security professionals too! Let's show how easy to use it can be in that regard.

January 2018

Internal Penetration Tests

Asked to perform an internal pentest with no clue where to start from? Here's a guideline that you might find useful.

VBS Reverse Shell

P0wning a Windows box without Powershell? Easy with VBS!

June 2017

D sightseeing: crc32

Let's have a glance at a real although very short D program to discuss some of its features.

SSL/TLS Configuration Recommendations

How to configure SSL/TLS on your server in order to make it secure? Here is the way to do it quick and cleanly.

Hacking the simplest database

Julia Evans proposed the simplest database, let's take it down! A case study of simple file manipulations in bash.

May 2017

Fixing video noise with sox

How to use sox for something simple and practical: fixing the noise in a youtube video.

April 2017

★ Why we need authenticated cryptography

Simple demonstration of how an attacker could tamper with an encrypted message to his benefit without ever decrypting it in the absence of message authentication.

★ Weaponizing Excel Webservice

Excel formula injections are common in programs generating XLS files, but often considered harmless. This discusses a new technique that greatly improve the Red Team situation.

March 2017

Privilege Escalations

How to identify flawed resource management leading to privilege escalation. Part of the Fast Security Source Code Review series.

Fast Security Source Code Review

Introduction to the main concepts behind a fast security review. Intended for developers as well as pentesters.

February 2017

How secure is unpredictableSeed?

D's unpredictableSeed is sometimes used to compensate for the lack of a CSPRNG in the standard library. But how secure is that really?


Older

Crypter writeup

"A file was encrypted. You have the encryption software and an encrypted file. Decrypt that file." Detailed writeup using radare2.

Exploiting Gource

Improvised code review of the Gource git repository viewer. It is meant as a way to show how one can perform quick and targeted code reviews.

Let's build an Object System!

What makes an object system tick? What does it mean to be object oriented? What are classes really?

Mail.local et TOCTTOU

Une explication détaillée d'exploitation de programme SUID root via une TOCTTOU pour obtenir une élévation de privilège.

Comment who fonctionne-t-il ?

Strace est un outil puissant mais qui peut être difficile à manipuler. Nous voyons donc un cas concret en étudiant le fonctionnement de la commande "who".

Puppy writeup

Quelqu'un sur irc a proposé hier un petit challenge de steganographie. La victime du jour ? Un chiot qui renferme, nous dit-on, des secrets.

Introduction à l'éditeur de texte ed

Ed est un éditeur puissant mais terriblement déconcertant au premier abord. Cet article présente les commandes essentielles et un peu plus pour bien débuter avec l'Éditeur.

Shell streams and redirections

Shell streams are the most powerful feature of bash. Knowing about redirections is a capital step toward an efficient use of command-line.