You are at the archive for the Uncategorized Category:

SSH: Best practices

The comments around the last OpenSSH issue (CVE 2016-0777, you must read excellent Qualys’ analysis if you’re interested with the details), I noticed that many people were not aware of some basic features of OpenSSH. I will attempt to give a few advises, prioritized in feasibility order, and with graphical annotations: Very easy to set […]

Nuit Du Hack CTF 2013 : k1986 write-up

I’ve participed to NDH2013 this year and worked on a very interesting binary : k1986. It comes with two files : aris@kali64:~/ndh2013$ ls -l k1986 license.db -rwxr-xr-x 1 aris aris 14984 jun 23 02:07 k1986 -rwx—— 1 aris aris¬†¬† 360 jun 22 22:54 license.db aris@kali64:~/ndh2013$ file k1986-orig license.db k1986-orig: ELF 64-bit LSB executable, x86-64, invalid […]

Adding physical drives to VMware ESXi

I built a new lab environment at home, using VMWare ESXi 5.0, which is a very nice product, if we expect the windows-only GUI 1GB HDD needed to install bloatware. You can do pretty much anything from there, except something that looks so important that I wonder why it’s not on the windows GUI: mapping […]

Remotemouse considered harmful

The problem This weekend I found a nice application to control my mac from my iPhone. It’s Remotemouse from http://www.remotemouse.net. Unfortunately, when testing I found out that there was no pairing request nor any authentication… I just fired up wireshark to see what was happening and as expected, it’s a very dump cleartext protocol that […]