Collaborate Disseminate
The mainboard of my s7 passed away and i need to decrypt my SD card. Does Samsung store the keys in their cloud? Is there any way to decrypt the card? I can’t believe that once the phone dies (mb, whatever), the user loose im… Continue reading Can I decrypt my SD card as phone died
I’m studying the basics of making shell codes. I have a question about it.
In my textbook, the author stores his shell code in an environment variable, and injects the address of it using strcpy() in a program.
When he mak… Continue reading Why do we need to remove null bytes from shell code?
I have read recently that OSPF LSA packets can be modified and used to spoof the network. Is there any way to do it ? I have few ideas of writing python code., but I am not sure how to inject that packet into gns3. Can someon… Continue reading How to make a OSPF LSA Spoofing attack in GNS3
What hardware if any can a process in user-mode (as opposed to kernel mode) access without using system calls, e.g. without relying on the OS to do anything for it? This question should be operating system independent since I… Continue reading What hardware can a user-mode process access?
I have been thinking on how an app could be “perfectly” isolated from the rest of the system. Now I know we will never achieve “perfect” in practice, but in theory, how could one go about it? I put together a few thoughts:
… Continue reading Designing a sandbox or how to "perfectly" isolate an app?
Nowadays lots of big websites are using traffic analysis fingerprinting. They check/compare the response of every user’s packets size, type, frequency time interval/duration to the set of responses they have already available… Continue reading How to avoid Traffic Analysis by generating unique response everytime?
In my code I calculate hashes for known codes and a secret with SHA-1:
SHA-1(code + secret) = hash
A attacker can do statistical analysis on the database and for example guess that the code 03220 produces a specific output.
SHA-1(03220… Continue reading How fast can SHA-1 be brute forced when used with a secret?
If I use rot13 crypto I still can do text search.
For example:
Query: John
Encrypted Query: WBUA
Database Entries: John Smith => WBUA FZVGU
Jon Babe => WBA ONOR
Result: WBUA matches WBUA FZVGU
Are t… Continue reading Encrypt data, still able to do text search
I am developing some pubsub system on top of Node.js and Socket.io. I decided to implement Off-The-Record (OTR) encryption by default for all of data transfers between clients and server(s). Question is do I need to additiona… Continue reading Mixing Off-The-Record and classic SSL
I’m working on a web application which stores an authentication token in a cookie.
The only CSRF-protection is referrer checking.
I am considering improving this by moving the authentication token from cookies to a custom h… Continue reading CSRF-protection using authentication token in HTTP header?