HackerTrans
TopNewTrendsCommentsPastAskShowJobs

joren485

no profile record

Submissions

Substack Domain Takeover

blog.nietaanraken.nl
2 points·by joren485·السنة الماضية·0 comments

Carving ELF Files

blog.nietaanraken.nl
73 points·by joren485·قبل سنتين·9 comments

Using PANDA to search for F.L.I.R.T. signatures during process execution

blog.nietaanraken.nl
2 points·by joren485·قبل 3 سنوات·0 comments

Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories

blog.nietaanraken.nl
6 points·by joren485·قبل 3 سنوات·2 comments

Hijacking GitHub Repositories by Deleting and Restoring Them

blog.nietaanraken.nl
2 points·by joren485·قبل 4 سنوات·0 comments

Hijacking AUR Packages by Searching for Expired Domains

blog.nietaanraken.nl
2 points·by joren485·قبل 4 سنوات·2 comments

Command Injection in the GitHub Pages Build Pipeline

blog.nietaanraken.nl
4 points·by joren485·قبل 4 سنوات·0 comments

comments

joren485
·قبل سنتين·discuss
Thank you for your feedback!

I improved my post (and my carver) by including parsing the program headers as well.

Also, thanks for the suggestion of super-strip. An interesting tool that I will play around with.
joren485
·قبل سنتين·discuss
Thanks!

I haven't really looked at alternative carvers (but I am aware that many great options exist). I didn't know unblob yet. Thanks for the suggestion!

Looking at the code, they use the same methodology as I describe in the post [0]. They do, however, also check for the end of the last segment, which is interesting.

[0] https://github.com/onekey-sec/unblob/blob/112da43587c80cc3a7...
joren485
·قبل 4 سنوات·discuss
That is an interesting question!

I did a quick search to get a rough answer. Many maintainers/contributors try to obfuscate their email address against this type of parsing, which adds a margin of error.

I was able to find 249 expired domains (used in 626 packages) that are used in a maintainer or contributor email address. Some of these are obvious fakes (e.g. bigbrothergoogle.com), so I reckon the real number is somewhere around the 200 domains.

Of the packages that I checked (manually), many are already orphaned. Some contributors will be listed because they have contributed in the past, but do not have contribution permissions anymore. So how many of these domains will lead to an actual package takeover, will most likely be much lower.
joren485
·قبل 4 سنوات·discuss
Hybrid (Argon2id) is probably the safest bet if you are unsure.

The specific modes are useful dependent on the threat model you are protecting against. Argon2i protects better against timing/side-channel attacks and Argon2d protects better against brute-forcing attacks.

In my opinion, a developer should (in most cases) focus on application security instead of picking the perfect hashing algorithm, as application security is far more crucial.
joren485
·قبل 4 سنوات·discuss
> I'm not sure if bcrypt/blowfish is still the recommended algorithm or there's newer better ones

While bcrypt is already much, much better than using MD5 or SHA256, the best practice is to use Argon2.

In practice, it is more important to use a hashing algorithm that is designed for passwords (e.g. bcrypt, argon2, scrypt) than it is to choose the best one. As this breach shows, many sites are still using insecure hashes, like MD5, because it worked 15 years ago.
joren485
·قبل 5 سنوات·discuss
The (centralized) crypto lending space has been slowly imploding in the past year. Most companies give a promotional rate on the first coin(s), but will pay very little interest on any large amount.

A detailed analysis of the various players in the space: https://prohashing.com/guides/earning-interest-on-crypto