Black Hat Python: Infinite possibilities with the Scapy Module

This is a review about one of my favorites libraries in Python: Scapy, which is a very powerful packet manipulation resource.

Scapy is able to forge and decode packets of several protocols, send and capture them, match requests and replies, and much more. It can be used to handle most ...

more ...

Black Hat Python: Building a UDP Scanner

When it comes to the reconnaissance of some target network, the start point is undoubtedly on host discovering. This task might come together with the ability to sniff and parse the packets flying through the network.

A few weeks ago, I talked about how to use Wireshark for packet sniffing ...

more ...

Black Hat Python: The Paramiko Module

This is the second post based on my readings from Black Hat Python. Yesterday I talked about Python's socket module and today I'm talking about the paramiko module.

Paramiko is awesome!!! It uses my dear PyCrypto to give us access to the SSH2 protocol, and it has a ...

more ...

Black Hat Python Networking: The Socket Module

Last week I got my copy of Black Hat Python, the new Justin Seitz's book. The compilation talks about network programing, web hacking, and Windows exploitation. All in Python!

I have been wanting to write about Python's network resources for a while and now this is my chance ...

more ...

On Redis & AES Encryption in the 9447's CTF

During this last weekend, the 9447 CTF took place. One of the misc problems was called NoSQL and had the following description, together with an attachment with three files:

    Hey, I don't understand how SQL works so I made my own NoSQL startup. And OpenSSL is bloody crap.

    ip ...
more ...

The First Stripe CTF

Although I did not have the chance of playing in neither of the three Stripe CTFs, I was quite enthralled when I took a look at the problems. I decided to solve them anyway and I am writing this series of writeups.

This post is about the first Stripe CTF ...

more ...

My Cute and Fluffy Intro to Linux (aka Yet Another Linux Guide)

Being a Linux user is, above all, a life style. Interestingly, more and more people have been joining this community, keeping it dynamic and organic.

Linux has been in my life since my high school years and I'm still constantly inspired by the fact that it has not lost ...

more ...

A Closer Look at Chrome's Security: Understanding V8

In 2008, Google released a sandbox-oriented browser, that was assembled from several different code libraries from Google and third parties (for instance, it borrowed a rendering machinery from the open-source Webkit layout engine, later changing it to a forked version, Blink). Six years later, Chrome has became the preferred browser ...

more ...

Exploiting the Web in 20 Lessons (Natas)

Continuing my quest through the Wargames, today I am going to talk about the 20 first levels of Natas, the web exploitation episode.

I divide the exploits in two parts. The first part contains the easy challenges that don't demand much art (and are a bit boring). The second ...

more ...

On Paillier Ciphersystem, Binary Search and the ASIS CTF 2014

The ASIS CTF happened last weekend. Although I ended up not playing all I wanted, I did spend some time working on a crypto challenge that was worth a lot of points in the game. The challenge was about a sort of not well-known system, the Paillier cryptosystem.


The Cryptosystem ...

more ...