Lots of Astrophysics for You!

cyberpunk

I wrote so much code during my Ph.D.! Some of them were protected or cannot be shared, but some are free (as in free beer).

If you like astrophysics, check out some of my IDL and Python work:

more ...

On Redis & AES Encryption in the 9447's CTF

During this last weekend, the 9447 CTF took place. One of the misc problems was called NoSQL and had the following description, together with an attachment with three files:

Hey, I don't understand how SQL works, so I made my own NoSQL startup. And OpenSSL is bloody crap.

ip ...

more ...

Deploying Suricata with Chef

cyberpunk

Continuous delivery is a software development practice where code changes (in source control) are automatically:

  • built (run build and unit tests), known as continuous integration,
  • tested (deploy to test environments, run all the tests), known as continuous testing, and
  • prepared for a release (deploy to production environment), known as continuous ...
more ...

The First Stripe CTF

Although I did not have the chance of playing in either of the three Stripe CTFs, I was quite enthralled when I took a look at the problems. I decided to solve them anyway, and I am writing this series of writeups.

This post is about the first Stripe CTF ...

more ...

Fun with Genetic Algorithms

hacking

Natural selection is the world optimizing for survival on Earth. Every life form on Earth is a solution generated by evolution's algorithm, which evolves a population of individuals over generations, optimizing for survival. Below is a way to describe this algorithm:

  1. The algorithm begins by creating a random initial ...
more ...

Wiresharking for Fun or Profit

Wireshark is an open-source network packet analyzer that allows live traffic analysis, with support to several protocols.

Wireshark also allows network forensic, being handy for CTFs for example (check my writeups for the D-CTF Quals 2014 and for the CSAW Quals 2014 in Networking and Forensics).

In this blog post ...

more ...

The Ultimate Linux Guide for Hackers ;)

Being a Linux user is, above all, a lifestyle. Interestingly, more and more people have been joining this community, keeping it dynamic and organic.

Linux has been in my life since my high school years, and I'm still always inspired by the fact that it has not lost any ...

more ...

On CRLs, OCSP, and a Short Review of Why Revocation Checking Doesn't Work (for Browsers)

Today I am going to talk about some regulation details of SSL/TLS connections. These connections rely on a chain of trust. This chain of trust is established by certificate authorities (CAs), which serve as trust anchors to verify the validity of who a device thinks it is talking to ...

more ...

A Closer Look at Chrome's Security: Understanding V8

In 2008, Google released a sandbox-oriented browser, that was assembled from several different code libraries from Google and third parties (for instance, it borrowed a rendering machinery from the open-source Webkit layout engine, later changing it to a forked version, Blink). Six years later, Chrome has become the preferred browser ...

more ...

A List of Common Web Vulnerabilities

Although nomenclatures don't help much when you are facing a security problem, I am keeping this list for a systematic organization. It has regularly been updated.

In addition to this list, you can check some specific web exploration older posts: Exploiting the web in 20 lessons and D-Camp CTF ...

more ...