Exploit Development with AFL, PEDA and PwnTools
In this tutorial, we expand on our previous article on AFL by developping a simple exploit using PEDA and Pwntools.
Software Exploit Development – Fuzzing with AFL
It’s quite impressive to look back in the past to the early days of software vulnerabilities and observe the ongoing dance between new mitigation and new exploitation techniques. Powerful fuzzing tools are now commonplace and operated on a daily basis by IT corporations and security labs; either to find crashes in their software or others’ […]
Remembering the ‘Stakkato’ Hacks
Philip Gabriel Pettersson, best known by the pseudonym of “Stakkato” can be said to have reached legendary status within the computer security community of his numerous successful breaches of high-level targets between 2003 and 2005. Then a 16-year-old hacker from Uppsala, Sweden, he successfully infiltrated systems of large universities, the United States military, NASA and […]
The Past, Present and Future of Chinese Cyber Operations
China, as one of many alleged actors on the frontier of cyber espionage, is best understood by briefly examining the past century, how it influences contemporary cyber operations attributed to Chinese-based actors, and how they could be used against the Canadian Armed Forces in a potential Southeast Asian conflict.
Phusking PhotoBucket and Other Pictures Sharing Sites
Fusking picture sharing sites in order to retrieve pictures from private album.
A Study of Smart Cards
Cards are quite an interesting species of object that have invaded our lives in every way: we either use them for public transit, laundry, gift cards, phone cards, credit cards etc… One could gather quite a lot of power buy not only understanding their functioning, but also by being able to tamper their data. I […]
Firefox Javascript Vulnerability
Once again, Javascript is the source of a new exploit that has been recently discovered on Firefox1. The vulnerability can be exploited by crafting malicious Javascript code on a Firefox 3.5 browser and leads to the execution of arbitrary code on the user’s machine. This is due to a vulnerability in the JIT engine of […]
A small and quick introduction to ARP poisoning
This article won’t be about something new nor something extraordinary for any experienced computer security or even the average hacker, but since I’ve been ask this question quite often by some of my friends, I decided to explain how to sniff passwords from a network. Moreover, I’m well aware I haven’t been writing anything for […]
The Palestine-Israeli Conflict on the Web
As any conflict that happened in the 21st century, there is usually a parallel conflict raging online as well. Either commanded by individuals or groups, which can be helped or not by either government agencies or other interest groups, acts of cyberwarfare are getting more and more common. The conflict in the Gaza strip offers […]
Submarine Command System
A press release from BAE Systems announced the installation of the Submarine Command System Next Generation (SMCS NG) on twelve nuclear submarines of the Royal Navy, effectively ending the conversion of the seven Trafalgar-class submarines, four Vanguard-class submarines and one Swiftsure class[1]. The new command system is based on COTS hardware and software products. It […]