Here’s a quick Bash function that I whipped up to SSH into a server
and keep the same directory. The use case for me is that I have a
Dropbox shared between my laptop and server. Sometimes I need to run
something (experiment, code, whatever) on the server. It was becoming
annoying to ssh and then cd to the correct directory.
I call this function sshere (ssh here):
Feel free to use, steal, or adapt to your needs.
picoCTF is an awesome hacking competition aimed at High School students. The great guys at CMU and PPP are putting on this innovative competition. I had some High School students ask for pointers to prepare for the picoCTF. I invited them to our weekly hacking group and talked about the hacking mindset and basic tools. They amazed me with their knowledge—I was cutting my teeth on TI-83 BASIC programming in math class when I was their age.
What follows are my notes on the lecture I gave and the discussion that we had. I hope other young hackers find these resources useful while preparing for picoCTF.
First and foremost, we need to understand how the hacker thinks. How should you think when you’re trying to break a program?
Recently, a friend asked me to recommend some classic English books for him. He’s Persian and was born in Iran, so it was fun to give him some of my favorite american books. I decided to put that list here in case you’re looking for a book to read.
One of the funniest books I’ve ever read. About WWII and it’s sad and funny at the same time.
The funniest book I’ve ever read. Captures the spirit of New Orleans and the characters are outlandish. Plus the book was published after the author committed suicide, so the whole book’s got a sad tinge.
Hi all, I’m here to talk about a little known web vulnerability that Bryce Boe already touched on. Execution After Redirects are logic flaws in web applications that can lead to Information Disclosure and Broken Access Controls.
Well, an Execution After Redirect (EAR) flaw is when a developer causes an HTTP redirect to occur, typically via a web framework. The developer assumes that execution stops after the redirect, however, execution continues.
In an effort to improve my writing and analysis skills, I’m going to review papers using less than 500 words. This is my first attempt.
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications is a paper written by Davide Balzarotti et. al., and was published at the IEEE Symposium on Security and Privacy in 2008.
While learning more about clojure, I wanted to do some network sniffing. Following a guide to raw traffic in clojure I needed to install jpcap in order to use libpcap from java.
Jpcap doesn’t provide a 64-bit version so I had to compile my own. Here’s the documentation of how I did it. A patch is provided at the end of the post.
I found some information about how to do this on the web, but everything I saw talked about using an .htaccess file. I didn’t want to use an .htaccess file.
Here’s what I had to do in Ubuntu (this was on an old 8.10 server).
So after struggling for a while with this, the answer is surprisingly simple.
For a bridge that you've created with brctl, you can use this simple command:
brctl setageing <bridgename> 0
This command tells Linux to forget every MAC address that it sees on
the bridge, making it act as a hub.
Here's the source.
Another fire in the Santa Barbara hills!
Two chicks at the same time.