SSH for Fun and Profit

In May last year, a new attack on the Diffie-Hellman algorithm was released, called Logjam. At the time, I was working on a security team, so it was our responsibility to check that none of our servers would be affected. We ran through our TLS config and decided it was safe, but also needed to check that our SSH config was too. That confused me – where in SSH is Diffie-Hellman? In fact, come to think of it, how does SSH work at all? As a fun side project, I decided to answer that question by writing a very basic SSH client of my own.

Tim Tam Logistics

As an Australian living in the US, I feel it’s my duty to introduce the treats of my childhood to my co-workers: red frogs, Fantales, and Milo have all made appearances. However, far and away the most highly voted treat has been Tim Tams. Unfortunately, as an imported product, Tim Tams are pretty expensive in the US - over US$8 a packet on Amazon. It’s not immediately clear where this cost comes from, so I decided to figure out if I could sell them for less.

Puzzles with coreutils (Part 2)

On another free weekend afternoon, I decided to finish off the rest of the coreutils brainteasers I started last month. This time I learned more about Linux audio, bash substring replacement, and the assortment of flags that ls supports.

Dropping privileges in nodejs

A couple of months ago I wrote a web challenge for the 9447 CTF called ramble. Spoiler alert, the challenge was written in nodejs, but allowed the user to execute arbitrary shell code. Clearly I didn’t want players to be able to destroy the challenge for others, so I wanted my process to have ~no privileges. This proved to be more of a challenge than expected.