-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.html
434 lines (228 loc) · 14.4 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
<!DOCTYPE html>
<!--[if IEMobile 7 ]><html class="no-js iem7"><![endif]-->
<!--[if lt IE 9]><html class="no-js lte-ie8"><![endif]-->
<!--[if (gt IE 8)|(gt IEMobile 7)|!(IEMobile)|!(IE)]><!--><html class="no-js" lang="en"><!--<![endif]-->
<head>
<meta charset="utf-8">
<title>0xAA - Random notes on security</title>
<meta name="author" content="Authorized Attacker">
<meta name="description" content="This post can be treated as a continuation of previously published article of “Deanonymization made simple”. As mentioned, more than five …">
<!-- http://t.co/dKP3o1e -->
<meta name="HandheldFriendly" content="True">
<meta name="MobileOptimized" content="320">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="http://antukh.com/">
<link href="/favicon.png" rel="icon">
<link href="/stylesheets/screen.css" media="screen, projection" rel="stylesheet" type="text/css">
<link href="/atom.xml" rel="alternate" title="0xAA - Random notes on security" type="application/atom+xml">
<script src="/javascripts/modernizr-2.0.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script>!window.jQuery && document.write(unescape('%3Cscript src="/javascripts/libs/jquery.min.js"%3E%3C/script%3E'))</script>
<script src="/javascripts/octopress.js" type="text/javascript"></script>
<!--Fonts from Google"s Web font directory at http://google.com/webfonts -->
<link href="//fonts.googleapis.com/css?family=PT+Serif:regular,italic,bold,bolditalic" rel="stylesheet" type="text/css">
<link href="//fonts.googleapis.com/css?family=PT+Sans:regular,italic,bold,bolditalic" rel="stylesheet" type="text/css">
</head>
<body >
<header role="banner"><hgroup>
<h1><a href="/">0xAA - Random notes on security</a></h1>
</hgroup>
</header>
<nav role="navigation"><ul class="subscription" data-subscription="rss email">
<li><a href="/atom.xml" rel="subscribe-rss" title="Subscribe via RSS">RSS</a></li>
<li><a href="mailto:[email protected]" rel="subscribe-email" title="Contact me">Email</a></li>
</ul>
<form action="https://www.google.com/search" method="get">
<fieldset role="search">
<input type="hidden" name="sitesearch" value="antukh.com">
<input class="search" type="text" name="q" results="0" placeholder="Search"/>
</fieldset>
</form>
<ul class="main-navigation">
<li><a href="/">Blog</a></li>
<li><a href="/cv.pdf">CV</a></li>
<li><a href="/blog/archives">Archives</a></li>
<li><a href="https://github.com/c0rdis/security-champions-playbook">Security Champions Playbook</a></li>
<li><a href="https://aan.sh/otn">OneTimeNotes</a></li>
</ul>
</nav>
<div id="main">
<div id="content">
<div class="blog-index">
<article>
<header>
<h1 class="entry-title"><a href="/blog/2015/10/09/lifting-the-veil/">Lifting the Veil, or Dark Does NOT Always Mean Secure</a></h1>
<p class="meta">
<time class='entry-date' datetime='2015-10-09T17:02:10+02:00'><span class='date'><span class='date-month'>Oct</span> <span class='date-day'>9</span><span class='date-suffix'>th</span>, <span class='date-year'>2015</span></span> <span class='time'>5:02 pm</span></time>
</p>
</header>
<div class="entry-content"><p>This post can be treated as a continuation of previously published article of “Deanonymization made simple”. As mentioned, more than five hundred
of publicly gathered hidden services were misconfigured to disclose <em>/server-status</em> page. I’ve analyzed all of them, and the results looked quite
interesting to me to publish those.</p>
<p><em>I would like to thank my friends <a href="https://twitter.com/josephfcox">@josephfcox</a> and <a href="https://twitter.com/flexlibris">@flexlibris</a> for providing me with invites
to Riseup and making this article possible.</em></p>
</div>
<footer>
<a rel="full-article" href="/blog/2015/10/09/lifting-the-veil/">Read on →</a>
</footer>
</article>
<article>
<header>
<h1 class="entry-title"><a href="/blog/2015/08/22/dark-appsec/">Deanonymization Made Simple</a></h1>
<p class="meta">
<time class='entry-date' datetime='2015-08-22T21:44:25+02:00'><span class='date'><span class='date-month'>Aug</span> <span class='date-day'>22</span><span class='date-suffix'>nd</span>, <span class='date-year'>2015</span></span> <span class='time'>9:44 pm</span></time>
</p>
</header>
<div class="entry-content"><p><a href="https://twitter.com/c0rdis/status/630705659848302592">cbcf9dde327c475d99627c87f58cab7ac6689164bf2fe7734c10c78005ed118e</a> == sha256(“[10.08.2015] I’ve discovered that about 2% of the known darkweb is controlled by one organization.”)</p>
<p><img class="center" src="/images/5_dark_web.jpg" width="600" title="image" alt="images"></p>
</div>
<footer>
<a rel="full-article" href="/blog/2015/08/22/dark-appsec/">Read on →</a>
</footer>
</article>
<article>
<header>
<h1 class="entry-title"><a href="/blog/2015/02/23/angel/">Personal CyberAngel</a></h1>
<p class="meta">
<time class='entry-date' datetime='2015-02-23T20:19:26+01:00'><span class='date'><span class='date-month'>Feb</span> <span class='date-day'>23</span><span class='date-suffix'>rd</span>, <span class='date-year'>2015</span></span> <span class='time'>8:19 pm</span></time>
</p>
</header>
<div class="entry-content"><p>We all know how frustrating account theft could be. Just imagine - you read the news about <a href="http://gadgets.ndtv.com/internet/news/nearly-7-million-dropbox-account-passwords-reportedly-leaked-606494">yesterday’s successful attack</a>
on some service with full database dump published on Pastebin, and you suddenly notice
that your e-mail is listed there too…
What if the news are one week/month/year old, and you didn’t change your password since registration?</p>
<p><img class="center" src="/images/4_angel.png" width="700" title="image" alt="images"></p>
</div>
<footer>
<a rel="full-article" href="/blog/2015/02/23/angel/">Read on →</a>
</footer>
</article>
<article>
<header>
<h1 class="entry-title"><a href="/blog/2015/02/05/otnotes/">One-time Notes</a></h1>
<p class="meta">
<time class='entry-date' datetime='2015-02-05T08:30:07+01:00'><span class='date'><span class='date-month'>Feb</span> <span class='date-day'>5</span><span class='date-suffix'>th</span>, <span class='date-year'>2015</span></span> <span class='time'>8:30 am</span></time>
</p>
</header>
<div class="entry-content"><p>Always wanted to have my own version of Privnote to be sure of how the data is handled on the server… Finally, <a href="https://aan.sh/otnote">here it is</a>.</p>
<h3>Description:</h3>
<ul>
<li>connection is secured by HTTPS</li>
<li>note is encrypted on the client side with <a href="https://keybase.io/triplesec/">Triplesec</a> (Salsa20 + AES + Twofish) with randomly generated key - the server doesn’t know what’s inside</li>
<li>due to heavy crypto, it will take >$100k to break a single note</li>
<li>upon successful submission, a URL type of <strong>{token}#{key}</strong> is generated</li>
<li>direct access of the generated URL will show the decrypted note (using the <strong>{key}</strong>)</li>
<li>for security purposes, you may want to send the link without the key, so the receiver will have to enter the key manually to decrypt your message</li>
<li>there is only one shot - once the URL is accessed, the note is permanently deleted from the server. Additionally, notes auto-expire in 72 hours after creation.</li>
</ul>
<p>Hope you’ll find it useful.</p>
</div>
</article>
<article>
<header>
<h1 class="entry-title"><a href="/blog/2015/01/26/krypto-dog-food/">Easy Way to Get KDF (Krypto-Dog Food)</a></h1>
<p class="meta">
<time class='entry-date' datetime='2015-01-26T20:57:42+01:00'><span class='date'><span class='date-month'>Jan</span> <span class='date-day'>26</span><span class='date-suffix'>th</span>, <span class='date-year'>2015</span></span> <span class='time'>8:57 pm</span></time>
</p>
</header>
<div class="entry-content"><p>My recent <a href="/blog/2015/01/17/cryptosocial-network-from-the-inside/">Keybase overview</a> gave me an impulse to read more about KDFs, their implementations and modern applications, which I’m going to present in the following post.</p>
<p><img class="center" src="/images/2_krypto_dog.jpg" width="333" title="image" alt="images"></p>
<p>KDF is a Key Derivation Function. As follows from the definition, such function is used to derive one or more keys from some secret value - <em>source of initial keying material</em>.
Derived keys can then be used in different ways, such as to encrypt other important data, to built a MAC, or even as-is.
One example of using KDF is to generate a session key during TLS handshake.</p>
</div>
<footer>
<a rel="full-article" href="/blog/2015/01/26/krypto-dog-food/">Read on →</a>
</footer>
</article>
<article>
<header>
<h1 class="entry-title"><a href="/blog/2015/01/19/malware-techniques-cheat-sheet/">Anti-debugging Techniques Cheat Sheet</a></h1>
<p class="meta">
<time class='entry-date' datetime='2015-01-19T18:23:45+01:00'><span class='date'><span class='date-month'>Jan</span> <span class='date-day'>19</span><span class='date-suffix'>th</span>, <span class='date-year'>2015</span></span> <span class='time'>6:23 pm</span></time>
</p>
</header>
<div class="entry-content"><p>It’s been quite a while I analyzed malware last time, so I decided to refresh my knowledge and write a short post on common x86 malware anti-debugging techniques.
Techniques here do not include obfuscation like false branches, spaghetti code etc., and present an extract of popular ways to kick debugger’s ass.
Please note: this is not a complete set of techniques and rather “shortcuts” than a guide.
If you’d like to read more in details, I’ve provided links to some great antidbg materials in the end of the post.
Feel free to contact me to complete the list with undescribed technique and/or correct already described ones!</p>
</div>
<footer>
<a rel="full-article" href="/blog/2015/01/19/malware-techniques-cheat-sheet/">Read on →</a>
</footer>
</article>
<article>
<header>
<h1 class="entry-title"><a href="/blog/2015/01/17/cryptosocial-network-from-the-inside/">"Cryptosocial Network" From the Inside</a></h1>
<p class="meta">
<time class='entry-date' datetime='2015-01-17T21:45:57+01:00'><span class='date'><span class='date-month'>Jan</span> <span class='date-day'>17</span><span class='date-suffix'>th</span>, <span class='date-year'>2015</span></span> <span class='time'>9:45 pm</span></time>
</p>
</header>
<div class="entry-content"><p><em>Disclaimer: all vulnerabilities described here were reported to developers and published with their consent</em></p>
<p>“Get a public key, safely, starting just with someone’s social media username(s).” - this is what you likely to see if you visit the main page of an ambitious project named <a href="https://keybase.io">Keybase</a>.
A great idea to (finally) bring public-key cryptography en masse and make its use easy and fun.
The project is in fact a public key directory wrapped by well-worked model of social networking and tightly bound to those networks itself.</p>
<p><img class="center" src="/images/0_header_maria.jpg" width="600" title="image" alt="images"></p>
</div>
<footer>
<a rel="full-article" href="/blog/2015/01/17/cryptosocial-network-from-the-inside/">Read on →</a>
</footer>
</article>
<div class="pagination">
<a href="/blog/archives">Blog Archives</a>
</div>
</div>
<aside class="sidebar">
<section>
<h1>About Me</h1>
<img class="center" src="/images/avatar.jpeg" width=200 title="image" alt="images">
<p>Alexander is a passionate Security Expert for over 8 years (formally), always looking towards original challenges and opportunities to learn something new.
He is a founder of <a href="http://defcon-moscow.org">Defcon Moscow</a> group and current Board Member of <a href="https://www.owasp.org/index.php/Poland">OWASP Poland</a> Local Chapter.
His special interest is in the field of applied cryptography and in what is called “ethical hacking”.
<br>
<br>
Consider following me:
<a href="https://twitter.com/c0rdis" rel="me"><i class="fa fa-twitter"></i></a>
<a href="https://www.linkedin.com/in/antukh" rel="me"><i class="fa fa-linkedin-square"></i></a>
<a href="https://keybase.io/my" rel="me"><i class="fa fa-key"></i></a></p>
</section>
<section>
<h1>Recent Posts</h1>
<ul id="recent_posts">
<li class="post">
<a href="/blog/2015/10/09/lifting-the-veil/">Lifting the Veil, or Dark Does NOT Always Mean Secure</a>
</li>
<li class="post">
<a href="/blog/2015/08/22/dark-appsec/">Deanonymization Made Simple</a>
</li>
<li class="post">
<a href="/blog/2015/02/23/angel/">Personal CyberAngel</a>
</li>
<li class="post">
<a href="/blog/2015/02/05/otnotes/">One-time Notes</a>
</li>
<li class="post">
<a href="/blog/2015/01/26/krypto-dog-food/">Easy Way to Get KDF (Krypto-Dog Food)</a>
</li>
</ul>
</section>
</aside>
</div>
</div>
<footer role="contentinfo"><p>
Copyright © 2017 - Authorized Attacker -
<span class="credit">Powered by <a href="http://octopress.org">Octopress</a></span>
</p>
</footer>
<script type="text/javascript">
(function(){
var twitterWidgets = document.createElement('script');
twitterWidgets.type = 'text/javascript';
twitterWidgets.async = true;
twitterWidgets.src = '//platform.twitter.com/widgets.js';
document.getElementsByTagName('head')[0].appendChild(twitterWidgets);
})();
</script>
</body>
</html>