tech > code > adventures in code
- An Experimental "RequireCT" Directive for HSTS
- First I deploy Certificate Transparency via TLS Extenstions (and OCSP stapling) for my server, then I add a directive to the HSTS header, then I patch Chrome to recognize the directive and abort if it my server omits Certificate Transparency information.
- Run Your Own Tor Network
- Ever wanted a HOWTO on running your own, independent Tor network? Now you have it.
- Universal Email Encryption
- A friend and I worked for a bit to try and design a way to deploy universally encrypted email. Then Snowden happened and we learned how far the rabbit hole went.
- Decrypting Amazon EC2 Passwords
- A quick script to decrypt the password to Amazon EC2 Windows instances, so you don't have to give them your SSH private key.
- RFC 6217: Regional Broadcast Using an Atmospheric Link Layer
- I authored an RFC that provides recommendations for an efficient broadcast of text or binary data to a region (urban or rural), using existing infrastructure.
- Hackers Puzzle Challenge in the CSAW 2010 CTF Final Round
- While this was for a security CTF - all I did was write code, so I put this under the 'code' section. Read about the file formats trickery I did, and download the challenge yourself.
- comparing loop hoisting in .net
- You know how some people say you want to remove the test in a loop into a local variable to make it faster? Don't.
- this is why javascript is awesome
- String manipulation on functions is horribly dangerous but also so cool - I don't know any other language that can do this.
- here's some sql you should never use
- Whenever we want to get something done quickly, we write code that should never, ever, see the light of day. And for some reason, I like sharing mine on the internet.
- hacking the clr: diffing assemblies
- I ended up looking into the binary of the assemblies produced by a simple Hello World program, diffing the assemblies between two runs on the same machine, between two runs on different machines, and between Debug and Release mode.
- RFID Experimentation
- I got an RFID kit... I wired it up to a candy bowl and set my server up to yell at whoever takes a piece.
- Bastardizing a Backup
- Watch I turn a relatively simple backup script into a horribly complicated, supremely mis-architected amalgamation that should never have seen the light of day.
- Making the Site
- Learn about how this site works, and the design choices that went into it.
tech > security > adventures in (in)security
Warning! This page used to be kept up to date but hadn't been for a number of years. Expect a lot of broken links ahead!
- Code Execution in spite of BitLocker
- I dug into Windows 8's BitLocker changes, and came up with a POC of code execution upon next boot if you get temporary access to the encrypted disk.
- Evernote and Privacy Preserving Applications
- I pick apart the Evernote Android App to see how it implements something scary.
- De-Anonymizing Alt.Anonymous.Messages
- For about four years I downloaded archives of the anonymous usenet group, then I did some analysis, correlated some messages, and presented some findings at Defcon.
- Femtocell
- I hacked a femtocell. And demoed it, live, on-stage in a casino. Twice.
- Remailer Blog Posts
- A set of blog posts about how remailers work in both theory and practice.
- An Attack on SSL Client Certificates
- The common thought is that if you use a Client Certificate, while an attacker could MITM you, they couldn't impersonate you to the server. False.
- Fixing Revocation for Web Browsers on the Internet
- It's a tad ambitious (hah) but I lay out what I think we should do for the next ten years to fix revocation in the CA system.
- Certificate Authorities & Pinning
- A look at how Google pins their sites' certificates in Chrome, and what you can learn from it.
- Details on CRIME
- My summary on the CRIME attack, how it works, and how to defend against it. This was published about a week before Thai & Juliano's presentation.
- An Attack on Unauthenticated Block Cipher Modes - Separator Oracle
- A new(ish) oracle attack on unauthenticated block cipher modes (CBC, CTR, OFB, CFB) a friend and I developed.
- On the Sorry State of Email Security
- Your email is insecure, unless you're talking to a bank. Too bad they don't let you email them!
- The IETF & Future of Security Protocols - Black Hat EU '12
- A very long whitepaper looking at replacements for the CA system, Content Security Policy, and other improvements to Web Browsers.
- Cloud & Control - Ekoparty '11, RSA '12
- On distributing RSA factoring, password cracking, and more using the software behind SETI.
- Non-Persistent PGP Keys
- An odd approach to generate PGP keys from a passphrase, instead of a true source of randomness. This lets you create keys that you can delete and recreate later.
- Beyond Padding Oracle - Manger's Oracle and RSA OAEP padding
- An implementation of at attack on a specific Padding Scheme for RSA, including a timing attack against libgcrypt.
- Time-Fade Badges
- Putting the Bleed-Through security badges in a freezer gives you infinite access (in theory).
- An Explanation of ElGamal Encryption
- I had forgotten some of the underlying theroms behind ElGamal, so in an effort to make sure I never forget them again I decided to put the effort into explaining it in unnecessary detail.
- Microsoft ClickOnce MITM Vulnerabilities
- ClickOnce is a Microsoft technology intended to make deployment of desktop applications extremely simple. When deployed over HTTP, it is vulnerable to several types of Man in the Middle attacks; despite the ability to sign the executables.
- Finding SQL Injection in a White-Box Environment
- When we have access to the database, we can farm SQL Injection testing to untrained QA Analysts - they don't even need to know what SQL Injection is. This is can catch unusual code paths and is generally less expensive than a full code audit.
- why event validation exists in ASP.Net
- ASP.Net prevents you from chanting magic incantations to trigger events you can't see. I show you what the incantations look like, and when you may still be able to exploit something despite it's protection.
- people who shouldn't do crypto episode 2 - the followup
- After I called him out on his security, the author sent me a big encrypted message, and challenged me to break it.
- people who shouldn't do crypto episode 2
- Some people think that you can encode and rearrange some bits, and it's Military Grade crypto.
- people who shouldn't do crypto episode 1
- Some people think crypto is like bacon - put it on anything and it becomes better (or secure). These are their tales.
required, hidden, gravatared
required, markdown enabled (help)
* item 2
* item 3
are treated like code:
if 1 * 2 < 3:
print "hello, world!"
are treated like code: