Blog


Hacking

Tools and web resources about hacking.

Libraries

Blog

Videos

Tools

  • file: recognizing the type of data contained in a computer file
  • strings: finds and prints text strings embedded in binary files such as executables
  • xxd: hex dump
  • binwalk: Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • Stegsolve: Steganography
  • upx: Linux executable packer
  • Ghidra: software reverse engineering
  • checksec: Checksec is a bash script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source).
  • pwntools: Pwntools is a CTF framework and exploit development library (manipulate running program)
  • frida: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.


JVM

Compare different JVMs to improve container performance.

State of play

We will focus on OpenJDK because it is the reference implementation of the JDK, it is an open project, and many companies contribute to it (Oracle, Red Hat, …).


Native Java frameworks

Compare different Java frameworks for generating native applications.

Native

A static executable provides the best runtime performance because it is compiled for a specific platform.


JRE Dependencies with host

What are the JRE's dependencies on the host OS?

Dependencies

ldd /usr/bin/java
        linux-vdso.so.1 =>  (0x00007ffff917a000) 
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f6fcb946000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f6fcb730000)
        libjli.so => not found
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f6fcb52c000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f6fcb15f000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f6fcbb62000)

Definition

  • vdso: a kernel mechanism for exporting a carefully selected set of kernel space routines to user space applications so that applications can call these kernel space routines in-process, without incurring the performance penalty of a context switch that is inherent when calling these same kernel space routines by means of the system call interface
  • libpthread: multithreading
  • libz: zlib (compression)
  • libjli: JNI alternative (??)
  • libdl: dynamic linking support
  • libc: C language standard library
  • ld-linux: dynamic linker/loader


Understand: From scratch

How does “from scratch” work?

Image

FROM scratch
ENV PROXY_LISTEN=0.0.0.0:8443
ENV PROXY_LISTEN_HTTP=0.0.0.0:8080

EXPOSE 8080 8443

ADD keycloak-gatekeeper /
ADD config.yaml /config.yaml
CMD ["/keycloak-gatekeeper","--config","config.yaml"]

docker build -t keycloak-gatekeeper:scratch .

# The image contains no files except keycloak-gatekeeper and config.yaml
dive keycloak-gatekeeper:scratch
{
  "layer": [
    {
      "index": 0,
      "digestId": "sha256:5615180f624e082f675261de139dca5eefe09ced8653bf25e02cb1075ace24dc",
      "sizeBytes": 12768011,
      "command": "#(nop) ADD file:40e67ed7d86014658f5b01316b9193210dc93bfe2bdf1ee9ae9c714635c9699c in / "
    },
    {
      "index": 1,
      "digestId": "sha256:bd785d8e829b3305fc45051b901d54805e1c536404359eb1084d754cf643b69c",
      "sizeBytes": 501,
      "command": "#(nop) ADD file:3704f000080497680b5aeae92f9cfadddbc385c4dacc87df1b8d0b072d46e63e in /config.yaml "
    }
  ],
  "image": {
    "sizeBytes": 12768512,
    "inefficientBytes": 0,
    "efficiencyScore": 1,
    "inefficientFiles": []
  }
}

Container

# Run
docker run --rm keycloak-gatekeeper:scratch &

## Attach alpine
doatt determined_haibt
/ # ls -al /proc/1/root
lrwxrwxrwx    1 root     root             0 Aug 12 12:36 /proc/1/root -> /
/ # ls -al /proc/1/root/
total 12476
drwxr-xr-x    7 root     root           126 Aug 12 12:35 .
drwxr-xr-x    7 root     root           126 Aug 12 12:35 ..
-rwxr-xr-x    1 root     root             0 Aug 12 12:35 .dockerenv
-rwxr-xr-x    1 root     root           501 Aug 12 12:27 config.yaml        
drwxr-xr-x    5 root     root           340 Aug 12 12:35 dev
drwxr-xr-x    2 root     root            66 Aug 12 12:35 etc
-rwxr-xr-x    1 root     root      12768011 Aug 12 12:26 keycloak-gatekeeper
dr-xr-xr-x  147 root     root             0 Aug 12 12:35 proc
drwxr-xr-x    3 root     root            21 Aug 12 12:35 run
dr-xr-xr-x   13 root     root             0 Aug 12 11:37 sys
/ # ls -al /proc/1/root/etc
total 12
drwxr-xr-x    2 root     root            66 Aug 12 12:35 .
drwxr-xr-x    7 root     root           126 Aug 12 12:35 ..
-rw-r--r--    1 root     root            13 Aug 12 12:35 hostname
-rw-r--r--    1 root     root           174 Aug 12 12:35 hosts
lrwxrwxrwx    1 root     root            12 Aug 12 12:35 mtab -> /proc/mounts
-rw-r--r--    1 root     root            92 Aug 12 12:35 resolv.conf

Containers include the standard Linux folder structure (see specification).


Cryptography glossary

Glossary for cryptography vocabulary.

PKI

  • PKI Public Key Infrastructure
  • CSR
  • CRL
  • X.509 standard that defines the format of public key certificates

Standard

Public-Key Cryptography Standards (PKCS)

  • PKCS#1 unencrypted RSA key storage format.
  • PKCS#7 Collection of public certificates.
  • PKCS#8 Encrypted private key format for RSA DSA EC keys.
  • PKCS#10 Certificate signing request (CSR).
  • PKCS#11 Security token / Smart card / HSM access.
  • PKCS#12 Certificate, Private key and probably a CA chain.

File formats

  • DER Distinguished Encoding Rules - Binary format
  • PEM Privacy Enhanced Mail - Text format

Extensions

  • .pem (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate, enclosed between “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”
  • .cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
  • .p7b, .p7c PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
  • .p12 PKCS#12, may contain certificate(s) (public) and private keys (password protected)
  • .pfx PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)

Algorithms

TODO
