OSCE Prologue or How to get Secret key to CTP?

If you want to register for CTP, you will need what they call a Registration Code and a Secret Key. First, there is an interesting file, /fc4.js:

    function fc4me(srvstr) {
        if(!document.pleazfc4me.email.value || !document.pleazfc4me.securitystring.value) {
            alert("Please fill in all the required fields!");
            return false;
        }
        if(document.pleazfc4me.securitystring.value != hexMD5("\x74\x72\x79\x68\x61\x72\x64\x65\x72"+srvstr)) {
            alert("Registration Authorization String not accepted! Try Harder! ");
            return false;
        } else {
            document.pleazfc4me.submit();
        }
    }

So all you need to do is set up some JS variables in the browser console and call fc4me(srvstr)...

January 22, 2020 · 3 min · Matus Bursa

Notes from #34c3

moongen

nmap-vulners is a great script for automatically finding possible issues with services on open ports. It partly replaces Nessus, but it is open source. It uses the Vulners database to find possible vulnerabilities. Vulners is also a great tool, because it lets you check all your installed packages. You can find it in the audit section.

taskwarrior

shamir secret sharing

restic

khal...

January 10, 2018 · 1 min · Matus Bursa

.grsec patch size_overflow

I think you surely know the Linux kernel patches from grsecurity. In the following tweet you can read about a size overflow in a patch from grsec.

"This is the fail in the @grsecurity patch. How did this pass review? ... a security patchset has code review, right? pic.twitter.com/gincZXdQrU" — Hector Martin (@marcan42) April 25, 2016

So what is the problem in this patch? When you change an int (a signed value) to size_t (an unsigned value), you have to be sure you are saving an unsigned value....

April 29, 2016 · 1 min · Matus Bursa