#!

It is incredible how many services on the Internet allow us to store our data. From our holiday photos to a birthday video, one may literally fill the web with their bytes. But what if someone wanted to reuse that free space for their own type of data. This post presents CumulonimbusFS, a FUSE-based ruby library that may be used to turn any kind of web storage into your own file system.

Kernel debugging may be accomplished using the GDB stub in QEMU and Android emulator. This process may be improved by using a GDB plugin to handle Linux internal structures. This post present this GDB plugin and how to set it up for the Android emulator.

During the reconnaissance stage of a web application testing, the tester (or attacker) usually uses a list of known subdirectories to brute force the server and find hidden resources. I have recently lost my personal list and decided to rebuild one from scratch using robots.txt.

ELF files are known for their duality: a set of sections from a linking point of view and a set of segments from a runtime point of view. The interesting part is the mapping between these two perspectives. While working on an ELF parser I noted the unexpected position of the .rodata section.

This vulnerability has already been covered extensively. The purpose of this post is to discuss some exploitation details, mainly related to kernel structures corruption.

Although there are many tutorials on how to set up OpenBSD disk encryption, there is only limited information on the encryption itself (design, algorithms, etc.). Historically, OpenBSD used vnd(4) disk to implement that feature. Currently, the use of softraid(4) is recommended. This post will review the design of the current implementation.

This post is about cracking hashes that have been generated using the format: sha1(<prefix> $password <suffix>). Although John the Ripper does not offer such function by default, it is relatively easy to implement it using a dynamic format.

Although, a large amount of Xbee models are based on the ZigBee protocol, the 900HP uses its own proprietary protocol. This series of posts has the objective to reverse this protocol but also, to provide general guidelines on how to reverse any unknown RF stack.

While using Jenkins, I came across the following quirk when modifying a stored credential...

I do use Burst for every step of a web application pentest, including the content discovery. This phase usually consists of guessing common subdirectories that may be present on the server (/admin, /conf, ...).

There is a lot of information online on how to roll your own kernel with the grsecurity patch. This is especially true for Gentoo or Debian. But to apply grsec to Fedora, there are some unexpected issues you might come across. The purpose of this post is to understand the classic merging problems and how to address them.

Burst is an HTTP framework. You can use it as a stand-alone application to intercept, modify and replay requests; or use the library to forge your own tool. It is released under the BSD license and available on Github...

I've been trying to write documentation for Burst for quite a long time now without any success. Probably because I prefer spending the spare time I have on implementing new features. A colleague of mine suggested that writing real-world use case could be a good start, so here we are...