CumulonimbusFS

Introduction It is incredible how many services on the Internet allow us to store our data. From our holiday photos to a birthday video, one may literally fill the web with their bytes. Some of …

Linux/Android Kernel Debugging with vmlinux-gdb

Introduction Debugging the kernel may be accomplished via multiple avenues. Until now, the simplest and most effective solution has always been the use of printk. KDB is another solution which consists of an embedded debugger within the kernel …

What one may find in robots.txt

Introduction During the reconnaissance stage of a web application test, the tester (or attacker) usually uses a list of known subdirectories to brute-force the server and find hidden resources. For that purpose, a list …

ELF .rodata

Introduction ELF files are known for their duality: a set of sections from a linking point of view and a set of segments from a runtime point of view. The interesting part is the mapping …

On exploiting CVE-2014-3153

Introduction This vulnerability has already been covered extensively. The purpose of this post is to discuss some exploitation details, mainly related to kernel structures corruption. For further details on the vulnerability context, see the references …

OpenBSD disk encryption

Introduction Although there are many tutorials on how to set up OpenBSD disk encryption, there is only limited information on the encryption itself (design, algorithms, etc.). Historically, OpenBSD used the vnd(4) vnode disk driver to implement that feature. Currently, the …

Using JtR to crack SHA1 with prefix and suffix

Introduction This post is about cracking hashes that have been generated using the format: sha1(<prefix> $password <suffix>). For instance, sha1("example.org,my_password,0"). Although John the Ripper does not offer such a function by default, it is relatively easy to implement …

Reverse engineering of XBee Pro PHY layer, part 1

Introduction For another side-project, I have bought three XBee Pro 900HP. Here is a description of these modules, according to the manufacturer: XBee-PRO 900HP embedded modules provide best-in-class range wireless connectivity to devices. They take advantage …

Credentials storage in Jenkins

Introduction While using Jenkins, I came across the following quirk when modifying a stored credential: It is rare to still find an application returning some information into the password field to the user. A quick …

Exploring with Burst

Introduction I do use Burst for every step of a web application pentest, including the content discovery. This phase usually consists of guessing common subdirectories that may be present on the server (/admin, /conf, …). …

Compiling grsec kernel for Fedora 20

Introduction There is a lot of information online on how to roll your own kernel with the grsecurity patch. This is especially true for Gentoo or Debian. But to apply grsec to Fedora, there are …

An introduction to Burst

What is Burst? Burst is an HTTP framework. You can use it as a stand-alone application to intercept, modify and replay requests; or use the library to forge your own tool. It is released under …

Post function on play()

Introduction I’ve been trying to write documentation for Burst for quite a long time now without any success. Probably because I prefer spending the spare time I have on implementing new features. A colleague of …
