Subgroup Confinement Attacks
Subgroup confinement attacks can apply in offline and online contexts.
User-influenced Shell Commands Are Still Considered Harmful
Non-obvious ways of getting code execution when testing code that uses user input to build shell commands.
The GGH Cryptosystem
An introduction to lattice-based cryptography using the broken Goldreich–Goldwasser–Halevi (GGH) cryptosystem.
ASIS CTF 2016: RSA Write-up
Breaking RSA with sequential prime key parameter generation.
Tokyo Westerns / MMA CTF: Twin Primes Write-up
Decrypting RSA ciphertexts using correlated parameters.
Modifying IP Headers With netfilter
Using netfilter to programmatically rewrite the source IP address of ICMP packets.
Authorization Design Patterns
Patterns/anti-patterns for designing authorization APIs.
Takeaways from my first trip to Iceland and places I hope to revisit.
Secure Password Hash Migrations
How to securely migrate from an insecure password hash algorithm to a secure one.
One tip for finding fast and useful fuzz targets for networked code.