-
Subgroup Confinement Attacks
2017-01-14
Subgroup confinement attacks can apply in offline and online contexts.
-
User-influenced Shell Commands Are Still Considered Harmful
2016-12-06
Non-obvious ways of getting code execution when testing code that uses user input to build shell commands.
-
The GGH Cryptosystem
2016-11-23
An introduction to lattice-based cryptography using the broken Goldreich–Goldwasser–Halevi (GGH) cryptosystem.
-
ASIS CTF 2016: RSA Write-up
2016-09-18
Breaking RSA with sequential prime key parameter generation.
-
Tokyo Westerns / MMA CTF: Twin Primes Write-up
2016-09-01
Decrypting RSA ciphertexts using correlated parameters.
-
Modifying IP Headers With netfilter
2016-08-20
Using netfilter to programmtically rewrite the source IP address of ICMP packets.
-
Authorization Design Patterns
2016-08-01
Patterns/anti-patterns for designing authorization APIs.
-
Iceland
2016-08-01
Takeaways from my first trip to Iceland and places I hope to revisit.
-
Secure Password Hash Migrations
2015-11-27
How to securely migrate from an insecure password hash algorithm to a secure one.
-
Fuzzing Servers
2015-11-11
One tip for finding fast and useful fuzz targets for networked code.