This is a simple tracker I have created to facilitate the process of pentesting so I do not lose myself in the excitement of the new findings. This helps me go methodically through all the areas. I have used the OWASPv4
I wanted to take a look at an old fuzzer called AutoDafe because its name popped up in several papers I read with regard to protocol and file format fuzzing. The last version is from August 2006, which is far
Recently I have been researching the cyber threats in the maritime industry, what has been done and which areas are not well investigated. I have summarised the initial recon in this field in a mind map – not very accurate
Lately I have been busy studying different buffer overflow protection mechanisms and while reading about stack canaries a funny picture came to my mind. I am a visual person and drawing things helps me remember. Here is my stack canary drawing
Intro Recently I stumbled upon the Paul dot com blog post Reverse Engineering Firmware Primer and decided to see if I could repeat the process and to test my newly installed Debian VM packed with RE tools. Here is my take
Intro Recently I’ve decided to dedicate a fresh Debian environment for my RE tools and having binwalk seemed like a good idea so I can play with firmware binaries. I followed the general install instructions from the project wiki and
Intro This is the second post of a blog series following my progress with the “Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation”, Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse, ISBN: 978-1-118-78731-1. The book includes
Intro This is the first post of what should be a blog series following my progress with the “Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation”, Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse, ISBN: 978-1-118-78731-1.
19 May Update I have improved the host representation a bit. Digging into d3 capabilities, I found several very useful ones like scales. I am also utilising jQuery tipsy for nice hover text info display. That led to v0.2, which could be found
Your external security consultant just sent you the vulnerability report from the last test you ordered? What shall you do with all those findings and how to successfully communicate with the concerned parties? What could go wrong and why?