Wireshark is an open-source network packet analyzer that allows live traffic analysis, with support to several protocols.

Wireshark also allows network forensic, being handy for CTFs for example (check my writeups for the D-CTF Quals 2014 and for the CSAW Quals 2014 in Networking and Forensics).

In this blog post ...

Being a Linux user is, above all, a lifestyle. Interestingly, more and more people have been joining this community, keeping it dynamic and organic.

Linux has been in my life since my high school years, and I'm still always inspired by the fact that it has not lost any ...

Today I am going to talk about some regulation details of SSL/TLS connections. These connections rely on a chain of trust. This chain of trust is established by certificate authorities (CAs), which serve as trust anchors to verify the validity of who a device thinks it is talking to ...

In 2008, Google released a sandbox-oriented browser, that was assembled from several different code libraries from Google and third parties (for instance, it borrowed a rendering machinery from the open-source Webkit layout engine, later changing it to a forked version, Blink). Six years later, Chrome has become the preferred browser ...

Although nomenclatures don't help much when you are facing a security problem, I am keeping this list for a systematic organization. It has regularly been updated.

In addition to this list, you can check some specific web exploration older posts: Exploiting the web in 20 lessons and D-Camp CTF ...

Pretty Good Privacy (PGP) is a model that provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991. Today, PGP is a company that sells a proprietary encryption program, OpenPGP is the open protocol that defines how PGP encryption works, and GnuGP is the ...

Last week was the Hack.lu Final CTF. In this post, I discuss one of my favorite crypto problems in that CTF: the "Peace Pipe".

Understanding the Problem

The problem starts with this weird story:

After a long day, you sit around a campfire in the wild wild web with ...

Last weekend I played some of the DEFCAMP CTF Quals. It was pretty intense. For (my own) organizational purposes, I made a list of all the technologies and vulnerabilities found in this CTF, some based on my team's game, some based on the CTF write-ups git repo.

Vulnerabilities

Remote ...

Continuing my quest through the Wargames, today, I am going to talk about the 20 first levels of Natas, the web exploitation episode.

I divide the exploits into two parts. The first part contains the easy challenges that don't demand much art (and are a bit boring). The second ...

The ASIS CTF happened last weekend. Although I ended up not playing all I wanted, I did spend some time working on a crypto challenge that was worth a lot of points in the game. The challenge was about a sort of a not well-known system, the Paillier cryptosystem.

The ...