Cory Doctorow started pointing out that there is incentivized decay of major internet platforms. While he is referring mostly from the end user perspective, the repercussions of these are also seen in the information security domain. Before proceeding, let’s set up our assumptions first: The points above have been discussed to death for years. Each… Continue reading Can we get back to progress again, please? (Pt I)
Five Algorithms Walk Into a CTF (Only One Walks Out)
I have a soft spot for CTFs. While CTFs do not reflect the grim realities of penetration testing or red teaming – one key difference is that CTFs have an “a-ha” solution with synthesis going on, they do remain a nice activity one-in-a-while – some challenges are uniquely interesting and the time pressure element is… Continue reading Five Algorithms Walk Into a CTF (Only One Walks Out)
A Shorthand for Distributed Systems Exploit Chains
If you have been following the evolution of binary exploitation (and the exploit mitigations arms-race) of the past twenty or so years you can detect a certain pattern: where binary exploitation used to be quite straightforward, adding multiple possible layers of defense made it an exercise in chaining multiple exploit primitives in order to get… Continue reading A Shorthand for Distributed Systems Exploit Chains
The Great Berlin Startup Swindle
Before anyone loses their mind over the title, let’s take a trip down the late 20th Century’s Punk Rock Lane. Sex Pistols were one of the most influential punk rock bands ever – it would not be a stretch that their influence does exist today. In a nutshell, the band became famous in a very… Continue reading The Great Berlin Startup Swindle
Percy Bysshe Shelley and the Coinbase Hack
I have not gone off the deep end. Ozymandias, perhaps Shelley’s most famous work and the name of the main antagonist in Watchmen bear thematic similarities to the recent Coinbase hack. Keep reading and you will see why. Ozymandias (as the antagonist of Watchmen- if we can use a word in such a philosophically and… Continue reading Percy Bysshe Shelley and the Coinbase Hack
72 Seasons 2025 is open!
Disclaimer: “72 Seasons” is the title of a Metallica record – I am using this title it for my free mentorship program for persons from disadvantaged backgrounds so Lars, do not sue bitte, bitte, bitte. So, this year I have space for 4 persons. Similar rules like last year: contact me, write me why you… Continue reading 72 Seasons 2025 is open!
A Greek Elegy for Marshall Amplification
Yes, the post is in Greek and yes, it is not computer related – not even remotely but here it goes. It appeared first on my Facebook feed – a lot of folks liked it so I am republishing here since, in general, my Facebook feed is not open to the general public. Νομιζω η… Continue reading A Greek Elegy for Marshall Amplification
Phrack #71 is out!
You can get it from there. What I really like about this release, is the temporal element – we didn’t have had to wait for years upon years for a new release. While skimming through it, a welcome note is that, after a long, long time, there are some new folks (as identified by their… Continue reading Phrack #71 is out!
Examining the writing on the wall – the “sticker rule”
As part of my 72 seasons (Sorry Lars! Hope you do not sue!) mentoring program, I have been reviewing content together with this half-year’s cohort about effective interviewing and how to spot red flags in a potential interview setting. Today, I am going to write a few words about one easy to miss red flag… Continue reading Examining the writing on the wall – the “sticker rule”
Guitar Setup vs. Cloud Configuration: A Lesson in Proper Configuration
If you own an electric guitar, at some point you had it setup – if you know what a setup is and why is needed in the first place thatis. A setup can be done at the factory or store (think of sane defaults), you can have a luthier set it up (acquisition of external… Continue reading Guitar Setup vs. Cloud Configuration: A Lesson in Proper Configuration
Athanasios Kostopoulos 