In May last year, a new attack on the Diffie Hellman algorithm was released, called Logjam. At the time, I was working on a security team, so it was our responsiblity to check that none of our servers would be affected. We ran through our TLS config and decided it was safe, but also needed to check that our SSH config was too. That confused me – where in SSH is Diffie Hellman? In fact, come to think of it, how does SSH work at all? As a fun side project, I decided to answer that question by writing a very basic SSH client of my own.
As an Australian living in the US, I feel it’s my duty to introduce the treats of my childhood to my co-workers: red frogs, Fantales, and Milo have all made appearances. However, far and away the mostly highly voted treat has been Tim Tams. Unfortunately, as an imported product, Tim Tams are pretty expensive in the US - over US$8 a packet on Amazon. It’s not immediately clear where this cost comes from, so I decided to figure out if I could sell them for less.
On another free weekend afternoon, I decided to finish off the rest of the
coreutils brainteasers I started last month. This
time I learned more about Linux audio, bash substring replacement, and the
assortment of flags that ls
supports.
Reading through an article, What every computer science major should know, I came across a couple of interesting coreutils brain teasers under “The Unix philosophy” to play with of an evening. They turned out to be a great way to learn about some more tools, and to brush up on some of those I already knew.
A couple of months ago I wrote a web challenge for the 9447 CTF called ramble. Spoiler alert, the challenge was written in nodejs, but allowed the user to execute arbitrary shell code. Clearly I didn’t want players to be able to destroy the challenge for others, so I wanted my process to have ~no privileges. This proved to be more of a challenge than expected.