Other articles


  1. "A Dockery of a sham"

    (This is a bit ragey. I'm not gonna link to anything/anyone, and I wasn't even there, but this attracted my ire)

    Tired of people hating on @Docker giving out @yubico Yubikeys at their conf. Yes it's trusting USB devices at a conference, which us jaded security types are all …

    read more

    There are comments.

  2. "Enabling click to play"

    Click to what?

    Click to play, it's a way of forcing plugins in your web browser in to gaining consent from you in to running. Why is this important? Well, malicious web pages can do a lot with them. Adobe Flash Player, the main one I'm about to talk about …

    read more

    There are comments.

  3. "1980s exfil with Zmodem"

    A common way of getting tools on to a machine, or exfilling data is to encode it in some way and paste it in or out, something like xxd or base64. So you don't have to open up yet another channel, in or out. A wget outbound or scp in …

    read more

    There are comments.

  4. "GPG and openssl and curl and OSX"

    Those playing along at home may remember pain with GPG well, that appears to have gotten more annoying.

    What?

    Libcurl, and gpg2 and openssl... Or so I assumed.

    [laptop:~]% gpg2 --verbose --keyserver-options=debug,verbose --search foo
    gpg: searching for "foo" from hkps server hkps.pool.sks-keyservers.net
    gpgkeys: curl version …
    read more

    There are comments.

Page 1 / 2 »

links

social