Correct answer Information Disclosure in TCExam

Posted on Fri 15 January 2016 in news • Tagged with CEH, wireshark, fraud, tcexam, online exam, information disclosure

TCExam contained an instance of information disclosure that allowed end users to guess the right answer during exams

Continue reading

sqlmap couldn't detect it because we tricked it

Posted on Sun 06 December 2015 in tools • Tagged with sqlmap, sql injection, spanking the monkey, talk, con, seckc, bsides, derbycon, grrcon

A short study on how sqlmap was not detecting an instance of SQL Injection we had coded into a demo app

Continue reading

Reverse Engineering a Custom Protocol and Performing MITM Packet Filtering with Scapy

Posted on Tue 31 December 2013 in reversing • Tagged with amf, android, arp poisoning, filter, firewall, hijack, iptables, mitm, networking, poker, reversing, scapy, tcp/ip, tshark, wireshark

Step by step reversing of a proprietary protocol with post-analysis packet injection

Continue reading

PHP shell exploiting mfunc vulnerability in WordPress

Posted on Fri 04 October 2013 in reversing • Tagged with base64, code injection, curl, mfunc, php shell, w3 total cache, WordPress, wp super cache

Analysis of the exploitation of vulns in WP Super Cache and W3 Total Cache WordPress plugins

Continue reading

Shellcoding with Python's Pickles

Posted on Sat 29 September 2012 in code • Tagged with cPickle, exploit, pickle, python, rce, reference, shellcode

A dive into shellcoding with Python Pickles motivated by playing wargames

Continue reading

Export your Stacks Before they Get Removed!

Posted on Sun 29 July 2012 in tools • Tagged with bookmarks, chrome, delicious, export, firefox, github, import, open source, python, source, stacks

A friendly warning to export and save your bookmarks from Delicious before they get removed

Continue reading

The Call Stack - a Practical Review

Posted on Mon 05 March 2012 in reversing • Tagged with call stack, gdb, linux, registers

Revisiting the call stack, because it's never a bad idea to go over it once more

Continue reading

Automating Jobs in Unix, revisited

Posted on Wed 15 February 2012 in linux • Tagged with crontab, linux

Revisiting the crontab to learn about automating jobs in linux/unix

Continue reading infected with a Trojan

Posted on Mon 30 January 2012 in reversing • Tagged with javascript, rce, security, virus

Analyzing an infection found on

Continue reading

Introduction to Artifical Intelligence: A Revolution in Online Education

Posted on Fri 13 January 2012 in news • Tagged with AI, artificial intelligence, free, online education, stanford, torrent

My experience participating in the Introduction to AI first online education course

Continue reading