OK I might not be going to make math at all, not because my last experience with chemistry was about 6-7 years ago in my high school. After all I like command-line tools after having Linux as my primary driver for some time (and maybe again in near future ;)), however, my relationship with VIM […]
Since I’ve reviewed password storing possibilities in my recent blog posts (part 1 and 2), it’s time to ask question: can we do better? What Risks Are Left? First of all the user might be using a weak, guessable password. Something like their name, strings like “123456”. Sometimes this might be backed up by meaningless […]
While going through shellcoding course on Pantester Academy I though I would like to check how the code in the course would look like on MacOS. On Linux this was pretty straightforward: Set one syscall (mov rax, 1), to write to standard output (mov rdi, 1), enter hello_world string, enter its length, call, set another […]
In previous part I’ve given you an overview of strong and weak methods of storing passwords. I’ve told what are the gains of using slow hashing methods and salting as basic methods of protecting passwords. Today, I’m going to perform a simulated attack on passwords to compare efficiency of password cracking. As always all examples […]
Have you ever thought what happens when you type your password in a login form? What happens to this top secret data? How is it protected? Note: if you are reading this to get a decent understanding of how you should store passwords, read additional resources at the end. I am not a cryptography expert […]
A few weeks ago I bough access to Pentester Academy labs to boost my skills, since I do not have solid background in countless fields, my job is mainly writing web applications with a little bit of devops tasks (read: I sometimes modify Dockerfiles) and I rarely have an opportunity to observe how “smart people” […]
Today is the first month since I’ve started this blog – on June 19th the very first post was published. I’d like to share some thoughts and plans for the future. What did I achieve? There are some successes – I’ve published 4 posts, 5th is ready and will be released on Wednesday. All are […]
In previous two parts we’ve dealt with creating dynamic libraries on MacOS. Today we’re moving on to different system – Linux. I was planning to go with Windows, but running a web browser while using Virtualbox on my poor laptop is a nightmare and I think I will need to run my old laptop for […]
AS web developer my every day tasks involve working with Django which I like since it’s quite secure framework (compare with CVE list). Nevertheless as some say: “shit happens” and vulnerabilities are found. Some time ago a problem in admin panel that allowed for XSS attacks was discovered. Example application In order to give you […]
In the previous part we’ve taken a quick look on how to create a dynamic library in MacOS system that would be used as dependent library. While this approach is really straightforward, and has all the advantages of the dynamic loading (smaller binary file size, ability to patch library without the need to recompile entire […]