
  • CumulonimbusFS

    30 July 2015

    It is incredible how many services on the Internet allow us to store our data. From holiday photos to a birthday video, one may literally fill the web with their bytes. But what if someone wanted to reuse that free space for their own type of data? This post presents CumulonimbusFS, a FUSE-based Ruby library that can turn any kind of web storage into your own file system.

  • Linux/Android Kernel Debugging with vmlinux-gdb

    28 May 2015

    Kernel debugging may be accomplished using the GDB stub in QEMU and the Android emulator. The process is much more comfortable with a GDB plugin that understands the kernel's internal structures. This post presents such a plugin and how to set it up for the Android emulator.

  • What one may find in robots.txt

    17 May 2015

    During the reconnaissance stage of a web application test, the tester (or attacker) usually uses a list of known subdirectories to brute-force the server and find hidden resources. I have recently lost my personal list and decided to rebuild one from scratch using robots.txt.
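    As an added illustration of the idea (this is not the post's own code), the following script turns a collection of robots.txt files into a ranked directory wordlist: it keeps the Allow/Disallow paths, splits them into path components, drops wildcard patterns and anything that is not a literal name, and ranks each name by the number of sites that mention it. The two robots.txt bodies are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed robots.txt bodies (not real sites).
ROBOTS_A = """# constructed example
User-agent: *
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /backup/old-site/
Disallow: /*.php$
Allow: /public/
Sitemap: https://example.com/sitemap.xml
"""

ROBOTS_B = """User-agent: Googlebot
Disallow: /admin
Disallow: /private/tmp/
Disallow: https://example.org/staging/
Disallow:
"""


def parse_rules(text):
    """Yield the value of every non-empty Allow/Disallow directive.

    Comments (#) and unrelated directives (User-agent, Sitemap, ...) are skipped.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in ("allow", "disallow") and value:
            yield value


def path_components(rule):
    """Split a robots path into literal directory names.

    Some sites put a full URL in the value, so only the path part is used.
    Components containing wildcards ("*") are not names and are dropped; a
    trailing "$" anchor is stripped first.
    """
    path = urlsplit(rule).path if "://" in rule else rule
    path = path.split("?", 1)[0]
    for comp in path.split("/"):
        comp = comp.strip().rstrip("$")
        if comp and "*" not in comp:
            yield comp


def rank_components(robots_texts):
    """Return [(name, number_of_sites_mentioning_it)], most common first."""
    counts = {}
    for text in robots_texts:
        seen = set()
        for rule in parse_rules(text):
            seen.update(path_components(rule))
        for name in seen:
            counts[name] = counts.get(name, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def build_wordlist(robots_texts):
    """Names only, in ranked order: ready to feed a content-discovery tool."""
    return [name for name, _ in rank_components(robots_texts)]


if __name__ == "__main__":
    for name, hits in rank_components([ROBOTS_A, ROBOTS_B]):
        print(f"{hits:3d}  {name}")
```

    The ranking is the useful part: with a few hundred real robots.txt files, names such as admin, backup or cgi-bin float to the top, which is exactly the order you want to try them in during content discovery.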

  • ELF .rodata

    05 May 2015

    ELF files are known for their duality: a set of sections from a linking point of view and a set of segments from a runtime point of view. The interesting part is the mapping between these two perspectives. While working on an ELF parser I noted the unexpected position of the .rodata section.
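    To make the section/segment duality concrete, here is an added example (not the post's own parser) that does the mapping readelf prints under "Section to Segment mapping": it parses the program and section header tables of an ELF64 little-endian image with the struct module only and assigns every SHF_ALLOC section to the PT_LOAD segment whose virtual address range contains it. Because the example must run offline, it also constructs a minimal ELF image in memory; the layout of that image (two PT_LOAD segments, .rodata placed in the same executable segment as .text) is an assumption made for the example and says nothing about what the post observed.

```python
import struct

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4
SHT_PROGBITS, SHT_STRTAB = 1, 3
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 1, 2, 4

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr


def build_sample_elf():
    """Construct a minimal ELF64 image (assumed layout, not a real binary).

    Segment 0: R-X, file 0x000..0x120, vaddr 0x400000 (headers, .text, .rodata)
    Segment 1: RW-, file 0x200..0x210, vaddr 0x601200 (.data)
    """
    base = 0x400000
    shstrtab = b"\0.text\0.rodata\0.data\0.shstrtab\0"
    names = {".text": 1, ".rodata": 7, ".data": 15, ".shstrtab": 21}
    phoff, shoff = 64, 0x300
    img = bytearray(shoff + 5 * SHDR.size)
    img[0:64] = EHDR.pack(b"\x7fELF\x02\x01\x01" + b"\0" * 9, 2, 62, 1,
                          base + 0x100, phoff, shoff, 0, 64, PHDR.size, 2,
                          SHDR.size, 5, 4)
    img[phoff:phoff + 2 * PHDR.size] = b"".join([
        PHDR.pack(PT_LOAD, PF_R | PF_X, 0, base, base, 0x120, 0x120, 0x1000),
        PHDR.pack(PT_LOAD, PF_R | PF_W, 0x200, 0x601200, 0x601200, 0x10, 0x10, 0x1000),
    ])
    img[0x100:0x110] = b"\x90" * 16            # .text: nops
    img[0x110:0x120] = b"constant data!!\0"    # .rodata
    img[0x200:0x210] = b"\x00" * 16            # .data
    img[0x210:0x210 + len(shstrtab)] = shstrtab
    img[shoff:shoff + 5 * SHDR.size] = b"".join([
        SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        SHDR.pack(names[".text"], SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR,
                  base + 0x100, 0x100, 0x10, 0, 0, 16, 0),
        SHDR.pack(names[".rodata"], SHT_PROGBITS, SHF_ALLOC,
                  base + 0x110, 0x110, 0x10, 0, 0, 16, 0),
        SHDR.pack(names[".data"], SHT_PROGBITS, SHF_ALLOC | SHF_WRITE,
                  0x601200, 0x200, 0x10, 0, 0, 16, 0),
        SHDR.pack(names[".shstrtab"], SHT_STRTAB, 0, 0, 0x210, len(shstrtab), 0, 0, 1, 0),
    ])
    return bytes(img)


def parse_elf(data):
    """Return (segments, sections) for an ELF64 little-endian image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    (_, _, _, _, _, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, shstrndx) = EHDR.unpack_from(data, 0)
    segments = [PHDR.unpack_from(data, phoff + i * phentsize) for i in range(phnum)]
    raw = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    strtab_off = raw[shstrndx][4]

    def name(idx):
        end = data.index(b"\0", strtab_off + idx)
        return data[strtab_off + idx:end].decode()

    sections = [dict(name=name(s[0]), type=s[1], flags=s[2],
                     addr=s[3], offset=s[4], size=s[5]) for s in raw]
    return segments, sections


def section_to_segment(data):
    """Map each SHF_ALLOC section name to the index of the PT_LOAD segment
    whose [p_vaddr, p_vaddr + p_memsz) range contains it, or None.
    Non-alloc sections (.shstrtab, .symtab, ...) never reach memory and are
    left out, which is the runtime view the loader has of the file."""
    segments, sections = parse_elf(data)
    mapping = {}
    for sec in sections:
        if not sec["flags"] & SHF_ALLOC:
            continue
        mapping[sec["name"]] = None
        for i, (ptype, _, _, vaddr, _, _, memsz, _) in enumerate(segments):
            if ptype == PT_LOAD and vaddr <= sec["addr"] and \
                    sec["addr"] + sec["size"] <= vaddr + memsz:
                mapping[sec["name"]] = i
                break
    return mapping


def perms(flags):
    return "".join(c if flags & bit else "-" for c, bit in (("R", PF_R), ("W", PF_W), ("X", PF_X)))


if __name__ == "__main__":
    img = build_sample_elf()
    segs, _ = parse_elf(img)
    for name, idx in section_to_segment(img).items():
        print(f"{name:10s} -> segment {idx} ({perms(segs[idx][1])})")
```

    Running it on a real binary instead of the constructed image (read the file into `data` and call `section_to_segment`) is where the interesting part begins: the segment a read-only section ends up in tells you which permissions it gets at runtime, regardless of what the section flags say.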

  • On exploiting CVE 2014-3153

    14 April 2015

    This vulnerability has already been covered extensively. The purpose of this post is to discuss some exploitation details, mainly related to the corruption of kernel structures.

  • OpenBSD disk encryption

    11 January 2015

    Although there are many tutorials on how to set up OpenBSD disk encryption, there is only limited information on the encryption itself (design, algorithms, etc.). Historically, OpenBSD used a vnd(4) virtual disk to implement that feature. Currently, the use of softraid(4) is recommended. This post reviews the design of the current implementation.

  • Using JtR to crack SHA1 with prefix and suffix

    27 September 2014

    This post is about cracking hashes that have been generated using the format sha1(<prefix> $password <suffix>), i.e. a fixed string concatenated before and after the password. Although John the Ripper does not offer such a function by default, it is relatively easy to implement it using a dynamic format.
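    As an added example (not the post's own code, and not JtR's dynamic format syntax), the script below shows what the cracker has to compute: every candidate is wrapped in the fixed prefix and suffix before being hashed, so a plain sha1 mode never matches even with the right word in the list. It also applies a couple of JtR-style mangling rules to each word. The prefix, suffix and wordlist are constructed for the example.

```python
import hashlib

# Constructed values (assumptions): the application stores
# sha1(PREFIX + password + SUFFIX) and PREFIX/SUFFIX have been recovered
# from its source code or configuration.
PREFIX = "app-v2:"
SUFFIX = ":salt"

# Constructed wordlist.
WORDLIST = ["password", "letmein", "welcome", "summer"]


def wrapped_sha1(password, prefix=PREFIX, suffix=SUFFIX):
    """Hex digest of sha1(prefix + password + suffix)."""
    return hashlib.sha1((prefix + password + suffix).encode()).hexdigest()


def mangle(word):
    """A few JtR-style rules: as-is, capitalised, and a single digit appended."""
    yield word
    yield word.capitalize()
    for d in range(10):
        yield f"{word}{d}"
        yield f"{word.capitalize()}{d}"


def crack(target_hex, words, prefix=PREFIX, suffix=SUFFIX):
    """Return the first candidate whose wrapped hash equals target_hex, else None."""
    target = target_hex.lower()
    for word in words:
        for cand in mangle(word):
            if wrapped_sha1(cand, prefix, suffix) == target:
                return cand
    return None


if __name__ == "__main__":
    target = wrapped_sha1("Letmein7")
    print(f"{target} -> {crack(target, WORDLIST)!r}")
    # The same hash with plain sha1 semantics (no prefix/suffix) is not found.
    print(f"plain sha1 mode -> {crack(target, WORDLIST, '', '')!r}")
```

    In John the Ripper the same computation is expressed as a dynamic format in which the prefix and suffix travel with the hash as salt fields; the Python above is only the reference to check the format against.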

  • Reverse engineering of XBee Pro PHY layer, part 1

    07 September 2014

    Although many XBee models are based on the ZigBee protocol, the 900HP uses its own proprietary protocol. This series of posts aims to reverse that protocol, but also to provide general guidelines on how to reverse any unknown RF stack.

  • Credentials storage in Jenkins

    01 June 2014

    While using Jenkins, I came across the following quirk when modifying a stored credential...

  • Exploring with Burst

    25 April 2014

    I do use Burst for every step of a web application pentest, including the content discovery. This phase usually consists of guessing common subdirectories that may be present on the server (/admin, /conf, ...).

  • Compiling grsec kernel for Fedora 20

    31 March 2014

    There is a lot of information online on how to roll your own kernel with the grsecurity patch. This is especially true for Gentoo or Debian. But to apply grsec to Fedora, there are some unexpected issues you might come across. The purpose of this post is to understand the classic merging problems and how to address them.

  • An introduction to Burst

    26 March 2014

    Burst is an HTTP framework. You can use it as a stand-alone application to intercept, modify and replay requests, or use the library to forge your own tool. It is released under the BSD license and available on GitHub...

  • Post function on play()

    26 March 2014

    I've been trying to write documentation for Burst for quite a long time now without any success. Probably because I prefer spending the spare time I have on implementing new features. A colleague of mine suggested that writing real-world use case could be a good start, so here we are...