DHCP and Weird Hostnames

Believe it or not, I dusted off my Nintendo 3DS and Apple iPods.

When it came time to configure them and attach them to my ISC DHCP server, the server rejected the devices’ DHCP-REQUEST messages.

A closer look showed that the hostname was funky for various reasons:

  1. Nintendo 3DS had …


Authentication for API

Fri 28 December 2018 Category research


When deploying a new web API, authentication approaches came to mind first. I needed to determine which type of authentication to use. Large binning, salting of hashes, and revocability are my criteria.

Some toolkits that went out the window first are: Auth0, FusionAuth, and Gluu.

So, some …


Tight Multiversion Python Re-development Cycle



Set up a new Python virtual environment

cd ~/work/python
mkdir env3
# Create the virtual environment support
python3 -m venv env
# subdirectory bin created with all symlinked executables (i.e., pytest, python3, activate)

# Following source command CANNOT be done from a script file but only …

Automata theory: formal languages and formal grammars

| Chomsky hierarchy | Grammars | Languages | Abstract machines |
|---|---|---|---|
| Type-0 | Unrestricted | Recursively enumerable | Turing machine |
| | (no common name) | Decidable | Decider |
| Type-1 | Context-sensitive | Context-sensitive | Linear-bounded |
| | Positive range concatenation | Positive range concatenation* | PTIME Turing Machine |
| | Indexed | Indexed* | Nested stack |
| | | | Thread automaton |
| | Linear context-free rewriting systems | Linear context-free rewriting language | restricted Tree stack automaton |
| | Tree-adjoining | Tree-adjoining … | |


CSP Compatibility


API security checklist

Checklist of the most important security countermeasures when designing, testing, and releasing your API.


Rowhammer and ECC memory


Web Security Advanced Topic 2018

Advanced exploits of web security in 2018


Anti Debugging Detection & Prevention

Debugger Detection/Prevention

Some sources are in [LordNoteworthy@github]. The most common/interesting ones:

  • IsDebuggerPresent(), CheckRemoteDebuggerPresent(), etc. (quite silly, mostly as a kinda-decoy). OS calls are not 100% obfuscatable => using them (unless they’re actually inlines or macros) is a Bad Idea™ (Bad Example: [zer0fl4g@github]). If using them – obfuscate …

Bind9 Keys

Keys Used in DNSSEC
