Questions for System Design Reviews

2019-05-12

Moving towards operationalizing system design reviews. What questions should a review team ask, or expect to be answered?

What is the Value-add of ssh-agent?

2019-01-14

The purpose of ssh-agent and observations how ssh-agent improves UX and security.

Fiat-Shamir Heuristic

2018-09-22

Overview and implementation of the Fiat-Shamir heuristic used to build signature schemes from interactive zero-knowledge proofs.

Building Lattice Reduction (LLL) Intuition

2017-07-25

My attempt to grok the Lenstra–Lenstra–Lovász (LLL) algorithm used for basis reduction.

Subgroup Confinement Attacks

2017-01-14

Subgroup confinement attacks can apply in offline and online contexts.

User-influenced Shell Commands Are Still Considered Harmful

2016-12-06

Non-obvious ways of getting code execution when testing code that uses user input to build shell commands.

The GGH Cryptosystem

2016-11-23

An introduction to lattice-based cryptography using the broken Goldreich–Goldwasser–Halevi (GGH) cryptosystem.

ASIS CTF 2016: RSA Write-up

2016-09-18

Breaking RSA with sequential prime key parameter generation.

Tokyo Westerns / MMA CTF: Twin Primes Write-up

2016-09-01

Decrypting RSA ciphertexts using correlated parameters.

Modifying IP Headers With netfilter

2016-08-20

Using netfilter to programmtically rewrite the source IP address of ICMP packets.