Black Hat Python: Infinite possibilities with the Scapy Module

This is a review about one of my favorites libraries in Python: Scapy, which is a very powerful packet manipulation resource.

Scapy is able to forge and decode packets of several protocols, send and capture them, match requests and replies, and much more. It can be used to handle most ...

more ...

Black Hat Python: Building a UDP Scanner

When it comes to the reconnaissance of some target network, the start point is undoubtedly on host discovering. This task might come together with the ability to sniff and parse the packets flying through the network.

A few weeks ago, I talked about how to use Wireshark for packet sniffing ...

more ...

Black Hat Python: The Paramiko Module

This is the second post based on my readings from Black Hat Python. Yesterday I talked about Python's socket module and today I'm talking about the paramiko module.

Paramiko is awesome!!! It uses my dear PyCrypto to give us access to the SSH2 protocol, and it has a ...

more ...

Black Hat Python Networking: The Socket Module

Last week I got my copy of Black Hat Python, the new Justin Seitz's book. The compilation talks about network programming, web hacking, and Windows exploitation. All in Python!

I have been wanting to write about Python's network resources for a while and now this is my chance ...

more ...

Lots of Astrophysics for You!

cyberpunk

I wrote so much code during my Ph.D.! Some of them were protected or cannot be shared, but some are free (as in free beer).

If you like astrophysics, check out some of my IDL and Python work:

more ...

On Redis & AES Encryption in the 9447's CTF

During this last weekend, the 9447 CTF took place. One of the misc problems was called NoSQL and had the following description, together with an attachment with three files:

    Hey, I don't understand how SQL works so I made my own NoSQL startup. And OpenSSL is bloody crap.

    ip ...
more ...

The First Stripe CTF

Although I did not have the chance of playing in either of the three Stripe CTFs, I was quite enthralled when I took a look at the problems. I decided to solve them anyway and I am writing this series of writeups.

This post is about the first Stripe CTF ...

more ...

Wiresharking for Fun or Profit

Wireshark is an open source network packet analyzer that allows live traffic analysis, with support to several protocols.

Wireshark also allows network forensic, being very useful for CTFs for example (check my writeups for the D-CTF Quals 2014 and for the CSAW Quals 2014 in Networking and Forensics).

In this ...

more ...

The Ultimate Linux Guide for Hackers ;)

Being a Linux user is, above all, a life style. Interestingly, more and more people have been joining this community, keeping it dynamic and organic.

Linux has been in my life since my high school years and I'm still constantly inspired by the fact that it has not lost ...

more ...

On CRLs, OCSP, and a Short Review of Why Revocation Checking Doesn't Work (for Browsers)

Today I am going to talk about some regulation details of SSL/TLS connections. These connections rely on a chain of trust. This chain of trust is established by certificate authorities (CAs), which serve as trust anchors to verify the validity of who a device thinks it is talking to ...

more ...