-
TinyScheme File I/O
Sunday, October 21, 2018
Preface: Scheme is a Lisp dialect created in 1975 by MIT’s Gerald J. Sussman and Guy L. Steele Jr. It is one of the two major modern Lisp dialects; the other is Common Lisp. Despite its long history, Scheme remains active and has implementations for many platforms and environments, such as Racket, Guile, MIT Scheme, and Chez Scheme. TinyScheme is a lightweight embeddable Scheme interpreter that follows the R5RS (Revised^5 Report on the Algorithmic Language Scheme) specification. This specification was released in 1998 and is now widely used. Although TinyScheme lacks extensive official documentation, its adherence to the R5RS standard enables developers to consult documentation from mainstream Scheme implementations, such as Racket, for guidance. …
-
Data Forwarding Techniques in Penetration Testing
Wednesday, April 4, 2018
Approach: In penetration testing, you almost always need a proxy server, so let’s start by assuming we have a server with a public IP as the attacker machine. …
Tags: Cybersecurity, forwarding, tunnel, port mapping, post-exploitation, forward proxy, reverse proxy
-
Linux Post-Exploitation Notes: PAM Backdoor
Sunday, March 25, 2018
Preface: Linux-PAM (Pluggable Authentication Modules) is a pluggable authentication framework. PAM uses configuration files under /etc/pam.d/ to manage how programs perform authentication. …
-
Subdomain Enumeration Notes
Tuesday, December 5, 2017
Preface: The idea is as follows: …
-
Approaches to Finding the Origin Server Behind a CDN
Saturday, October 28, 2017
Approaches to Bypassing a CDN: There are many approaches online for bypassing a CDN, but many of them have issues. Below is a collection and summary of commonly used ideas. From a site owner’s perspective, not every site will always be behind a CDN. From a DNS provider’s perspective, historical DNS records may not be controlled by the CDN provider. From a CDN provider’s perspective, there are limitations on covered regions, and CDN traffic can also be limited. …
-
Exploiting OFFICE OLE2LINK (CVE-2017-0199)
Sunday, May 7, 2017
Preface: I’m so dizzy writing this after the graduation banquet! …
-
Developing a Burp Suite Extension to Brute-Force a Platform
Wednesday, March 29, 2017
Introduction: Our campus network has officially gone into operation, but the username/password policy is still a default-password scheme: the password is the last six digits of the national ID number. For any platform that uses single sign-on (SSO), this is extremely dangerous. …
-
Nexus 5 Can’t Retire Yet — Be My Backup Phone!
Saturday, October 8, 2016
Why: I used my Nexus 5 for two years. The battery got worse and worse—going from charging once a day to three times a day. When I was out, even plugged into a power bank, the battery percentage still kept dropping. It ended up dying and going offline by itself multiple times, which delayed a lot of things. …
-
Kali NetHunter: First Impressions
Thursday, August 27, 2015
Kali NetHunter, a mobile penetration testing platform, has been out for a while. Among Chinese geeks, opinions on it have been mixed. Either way, I’d wanted to try NetHunter for a long time—after all, being able to do some “evil” things with a phone in certain situations feels a bit like Watch Dogs. …