Hello again dear reader. Unless you have been living under the proverbial rock for the past years, you are aware that containers have taken the world by storm. More likely than not, your favorite web site/application is a collection of containers running on an orchestrator (read at the time of writing: Kubernetes), interacting with assorted… Continue reading Book Review: Container Security: Fundamental Technology Concepts that Protect Containerized Applications
Linux Kernel Exploitation Links-2-3-4
Enjoy dear reader and hopefully this post will inspire someone to start their journey into the wild world of Linux Kernel exploitation.
The A500-mini firmware dumper is now publicly available
Hello again astute reader. This week I made public the firmware dumper for the A500-mini. You can find it on GitHub. It was a good Rust writing exercise, an exercise in a language I am getting to like more and more. Happy dumping! Don’t forget to check Ole’s profile, he is simply awesome.
TheC64-toolkit is now public
Happy new year dear reader! I am happy to announce that my toolkit for the C64 replicas (such as the C64Maxi and the C64Mini) is now live on GitHub.
SeL4 compilation under Fedora 37 – some notes
Trying to follow the SeL4 compilation and testing instructions “as-is” yields some errors on a per-distribution basis. Below are some notes for Fedora 37 – if you have not performed these steps, you are likely to run into errors (it is assumed that repo/ninja/cmake are already installed 🙂 ) sudo dnf install -y python3-protobuf protobuf-compiler… Continue reading SeL4 compilation under Fedora 37 – some notes
Adventures with vagrant-libvirt in Fedora 35 land
Hi all. Recently, I wanted to easily create some VMs for my security research in a reproducible way. My main workstation runs Fedora and I decided NOT to use any 3rd party software such as VMware or VirtualBox. Here my little adventure starts … I installed Vagrant, using the official way, no hiccups there. After… Continue reading Adventures with vagrant-libvirt in Fedora 35 land
HTTP Bypass via Header Injection
Welcome to another edition. A few days ago I was playing a CTF and was faced with an IP restriction on an API. Fortunately, there was a misconfiguration and using an “X-Forwarded-For” header I was able to bypass it. Here is a list I have compiled in case some of my readers want to incorporate this… Continue reading HTTP Bypass via Header Injection
K-Amon-K – a log4j version verifier
Jumping on the Log4j bandwagon, I dropped today K-Amon-K. Enjoy! (and listen to the band!)
Fixing Python 3.10 incompatibilities in Binary Ninja
Hello dear reader. Recently, I upgraded my Linux laptop to Fedora 35. Fedora 35 comes with Python 3.10 as the system Python. Unfortunately, as documented in this GitHub issue (do not forget to upvote!), this causes incompatibilities with Binary Ninja. Here is how I addressed this topic (standard disclaimers apply): Initially, I decided to use… Continue reading Fixing Python 3.10 incompatibilities in Binary Ninja
Dealing with embedded ELF files in Binary Ninja
Welcome again to my humble corner. Today I will share the story of how I managed to deal with embedded ELF files using Binary Ninja. I was reversing an ARM firmware for fun (unfortunately not for profit!) and ran into the following issue. The firmware itself is comprised of three sections, a header, an ELF file… Continue reading Dealing with embedded ELF files in Binary Ninja