Skullsecurity - skullsecurity.org - SkullSecurity
Latest News:
ropasaurusrex: a primer on return-oriented programming 2 May 2013 | 07:25 pm
One of the worst feelings when playing a capture-the-flag challenge is the hindsight problem. You spend a few hours on a level—nothing like the amount of time I spent on cnot, not by a fraction—and re...
Epic "cnot" Writeup (highest value level from PlaidCTF) 25 Apr 2013 | 06:35 pm
When I was at Shmoocon, I saw a talk about how to write an effective capture-the-flag contest. One of their suggestions was to have a tar-pit challenge that would waste all the time of the best player...
A padding oracle example 7 Jan 2013 | 08:40 pm
Early last week, I posted a blog about padding oracle attacks. I explained them in detail, as simply as I could (without making diagrams, I suck at diagrams). I asked on Reddit about how I could make ...
Padding oracle attacks: in depth 2 Jan 2013 | 09:59 pm
This post is about padding oracle vulnerabilities and the tool for attacking them - "Poracle" - I'm officially releasing right now. You can grab the Poracle tool on Github! At my previous job — Tenable ...
What's going on with SkullSpace (our hackerspace)? 5 Nov 2012 | 11:30 pm
Hey everybody, This is just a super quick post today to direct you here - http://www.skullspace.ca/blog/2012/11/skullspace-2-0-the-new-frontier/. That's a post I wrote about SkullSpace - the hackerspa...
Everything you need to know about hash length extension attacks 25 Sep 2012 | 07:03 pm
You can grab the hash_extender tool on Github! (Administrative note: I'm no longer at Tenable! I left on good terms, and now I'm a consultant at Leviathan Security Group. Feel free to contact me if yo...
Using "Git Clone" to get Pwn3D 7 Aug 2012 | 09:40 pm
Hey everybody! While I was doing a pentest last month, I discovered an attack I didn't previously know, and I thought I'd share it. This may be a Christopher Columbus moment - discovering something th...
Battle.net authentication misconceptions 25 May 2012 | 09:22 am
Hey everybody, There have been a lot of discussion and misconceptions about Battle.net's authentication lately. Having done a lot of work on the Battle.net protocol, I wanted to lay some to rest. Th...
Remote control manager FAIL 20 Dec 2011 | 05:40 am
Hey guys, Today, I thought it'd be fun to take a good look at a serious flaw in some computer-management software. Basically, the software is designed for remotely controlling systems on networks (fo...
A deeper look at ms11-058 24 Aug 2011 | 02:10 am
Hey everybody, Two weeks ago today, Microsoft released a bunch of bulletins for Patch Tuesday. One of them - ms11-058 - was rated critical and potentially exploitable. However, according to Microsoft...