Aug 20, 2016

    A tale of two operating systems, and a remotely exploitable heap corruption vulnerability

    If you think about it, a remotely exploitable heap corruption vulnerability might just make for the best horror story that you could tell around a campfire.

    Apr 3, 2016

    A brief glance at the precursor to the Linux Slapper worm

    A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control or by passing messages to one another. Given that the sample in question contains a well-formed description of itself, we can directly infer the following information:

    • The sample in question is an agent used by hosts who are participating in a peer-to-peer (P2P) botnet;
    • The intended purpose of the botnet is to perform distributed denial of service (DDoS) attacks against a randomly selected network;
    • Peers within the botnet communicate over a P2P protocol based on UDP; and
    • The linking process used by peers within the botnet relies on an iterative technique which can be used to bypass broadcast domain segmentation. In the author’s own words:
    […]. The linking process works by giving each computer the list of avaliable computers, then using a technique called broadcast segmentation combined with TCP like functionality to insure that another computer on the network receives the broadcast packet, segments it again and recreates the packet to send to other hosts. That technique can be used to support over 16 million simutaniously connected computers.

    Mar 13, 2016

    Subverting 512-bit RSA using RSA-BDH: an RSA backdoor based on the Diffie-Hellman assumption

    RSA-BDH is an asymmetric backdoor for RSA based on the Diffie-Hellman assumption and is suitable for compromising short RSA keys in black-box environments.

    Mar 13, 2016

    There are two classes of zero-knowledge proofs in the world, and Donald Trump's campaign speeches are an example of one of them.

    There are two classes of zero-knowledge proofs (ZKPs) in the world. The first class of ZKP is used by a claimant to attest to the veracity of a given proposition without revealing any information about their solution. The second is used by politicians like Donald Trump to attest to the veracity of a given proposition without revealing whether or not they actually have a solution, or even understand the proposition in the first place.

    Mar 3, 2016

    Security Shield: protect your pc in new level (analysing a variant of Win32/Winwebsec)

    Based on the result of 51/56 positive scan results, VirusShare_0268d86f4bbdfb7ebcfff7f2c0959453.exe appears to be a variant, or mutation of Win32/Winwebsec. Malware strains in this family tend to masquerade as legitimate software in order to gain the trust of users, and may take advantage of this relationship for financial gain. Once this relationship has been established, malware in this family has the ability to take advantage of a user’s system with, or without their consent.

    Feb 7, 2016

    If you (kind-of) bang two files together, sometimes it will generate a (partial) SHA-1 collision

    Do you remember 'Bangarang', that hit song by Skrillex? Yeah, this is nothing like that.

    Jul 18, 2015

    So, a scientific data visualization tool, and a Minecraft world walk into a bar

    A weekend experiment with Minecraft, MySQL, and MayaVi gone horribly right.

    Jul 4, 2015

    Repurposing an old Android smartphone for penetration testing: the quitters guide

    Is that a penetration testing tool in your pocket, or are you just happy to see me? This guide will help you set-up Arch Linux on your old Android smartphone, as well as a handful of your favourite penetration testing tools.

    Nov 13, 2014

    What if someone has managed to put a 'Nothing Up My Sleeve' number up their sleeve?

    As I pieced together bits, and pieces from a talk about cache timing attacks I thought more about this problem. What happens when you’re up against an adversary who employs a team of cryptographers for the sole purpose of undermining the trust that we’ve instilled in a particular cryptographic algorithm? Moreover, what happens when you’re up against someone who oversees the design, and development of cryptographic algorithms?

    Nov 9, 2014

    Adding a system call to the Linux kernel

    System calls allow for user space programs to request kernel services such as the scheduler, and device drivers. Let's write one together.

    Aug 20, 2014

    A gentle introduction to Berkeley Packet Filters

    Berkeley/BSD packet filters can be used for stateless, protocol-agnostic network traffic filtering by examining the headers, and payload associated with packets in a given stream of network traffic.