Hi all. Recently, I wanted to easily create in a reproducible way some VMs for my security research. My main workstation runs Fedora and I decided NOT to use any 3rd party software such as VMWare or Virtualbox. Here my little adventure starts … I installed Vagrant, using the official way, no hiccups there. After… Continue reading Adventures with vagrant-libvirt in Fedora 35 land
Category: Uncategorized
HTTP Bypass via Header Injection
Welcome to another edition. A few days ago I was playing a CTF and was faced with an IP restriction on an API. Fortunately, there was a misconfiguration and using an “X-Forwarded-For” header was able to bypass it. Here is a list I have compiled in case some of my readers want to incorporate this… Continue reading HTTP Bypass via Header Injection
K-Amon-K – a log4j version verifier
Jumping on the Log4j bandwagon, I dropped today K-Amon-K. Enjoy! (and listen to the band!)
Fixing Python 3.10 incompatibilities in Binary Ninja
Hello dear reader. Recently, I upgraded my Linux laptop to Fedora 35. Fedora 35 comes with Python 3.10 as the system Python. Unfortunately, as documented in this GitHub issue, (do not forget to upvote!) this causes incompatibilities with Binary Ninja. Here is how I addressed this topic (standard disclaimers apply): Initially, I decided to use… Continue reading Fixing Python 3.10 incompatibilities in Binary Ninja
Dealing with embedded ELF files in Binary Ninja
Welcome again to my humble corner. Today I will share a story how I managed to deal with embedded ELF files using Binary Ninja. I was reversing an ARM firmware for fun (unfortunately not for profit!) and run into the following issue. The firmware itself is comprised of three sections, a header, an ELF file… Continue reading Dealing with embedded ELF files in Binary Ninja
Phrack 70 is out!
After a long wait, indicative of the current state of knowledge sharing in the so-called “underground”, Phrack 70 is out. Read it here!
Amiga 500 Decompilation using Binary Ninja
Hello again $WORLD. I am happy to announce that my Commodore Amiga BinaryNinja plugin is now available to the general public. You can find it here. Essentially, the plugin is a BinaryView with support for both Amiga Hunk file formats. To simplify a bit, Amiga has a different file format for “executable” files and for… Continue reading Amiga 500 Decompilation using Binary Ninja
Commodore 64 Decompilation using Binary Ninja
Dear $WORLD. I am happy to announce that I have released the first version of my C64 PRG plugin for Binary Ninja. You can find it here. It has KERNAL support, to make reversing life just a bit easier. You can find it here. As always PRs, issues and corner case reports are more than… Continue reading Commodore 64 Decompilation using Binary Ninja
Adventures with Linux Outline Client and aws-iam-authenticator
Hi all, below is a small engineering puzzle that I had to solve recently. The essential components: a Linux Laptop (in my case, running the excellent ClearLinux distribution) aws-iam-authenticator Outline client (A shadowSocks client) The setup was the following. A Kubernetes cluster, a bastion host using Outline as the means to connect and access the… Continue reading Adventures with Linux Outline Client and aws-iam-authenticator
Book Review: Managing Kubernetes
So as 2018 comes to a close soon, one fact can be pointed out: Kubernetes is the winner of the container orchestration frameworks “war”, short lived as it was. The popularity of the project is growing steadily and it is being adopted in a variety of businesses, from the small, but technologically adept startup, to… Continue reading Book Review: Managing Kubernetes