Terminal read-only live sharing
Live sharing a terminal session to another (shared) host over SSH in read-only mode.
Foo over SSH
A comparison of the different solutions for using SSH2 as a secured transport for protocols/services/applications.
Sibling Tail Call Optimization in Python
In Tail Recursion In Python, Chris Penner implements (self) tail-call optimization (TCO) in Python using a function decorator. Here I am extending the approach for sibling calls.
Argument and shell command injections in browser invocation
I found an argument injection vulnerability related to the handling of the BROWSER environment variable in sensible-browser. This led me (and others) to a few other argument and shell command...
More examples of argument and shell command injections in browser invocation
In the previous episode, I talked about some argument and shell command injection vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the...
IP address spoofing in order to watch South Park
Trying to bring back some old IP spoofing Firefox extension for watching South Park episodes.
My document generation workflow with Markdown, YAML, Jinja2 and WeasyPrint
Here is the workflow I am using to generate simple text documents (resume, cover letters, etc.) from Markdown, YAML and Jinja2 templates.
Remote Code Execution via Cross Site Request Forgery in InternetCube and...
How I found remote code execution vulnerabilities via Cross Site Request Forgery (CSRF) on the administration interfaces of InternetCube applications and of the YunoHost administration interface which...
Surprising shell pathname expansion
I thought I understood pretty well how bash argument processing and the various expansions are supposed to behave. Apparently, there are still subtleties which trick me, sometimes.
Using dig as an LLMNR or mDNS CLI lookup utility
I was looking for an LLMNR command-line lookup utility. Actually, dig can do the job quite fine.
Systemd-resolved DNS configuration for VPN
Some guidance about configuring/fixing domain name resolution with a corporate Virtual Private Network (VPN), especially OpenVPN and with systemd-based Linux systems. This configuration uses the...
Push-to-talk in any application
Some scripts I wrote to enable system-wide push-to-talk (for X11 and PulseAudio). Some people might find it useful for the ongoing lockdown.
GNU/Linux host name resolution
This post describes the different software components involved in host name resolution and DNS configuration on GNU/Linux systems. It consists of a diagram and some accompanying explanations. The goal is...
DNS Rebinding vulnerabilities in Freebox
I found some DNS rebinding vulnerabilities in Freebox devices (CVE-2020-24374, CVE-2020-24375, CVE-2020-24376, CVE-2020-24377) as well as a Cross Site Request Forgery (CSRF) vulnerability...
Disable Certificate Verification on Android with Frida
Some notes about how to write a Frida script with the (somewhat classic) example of disabling certificate verification for TLS communications on Android applications.
DNS rebinding vulnerability in Samsung SmartTV UPnP
I found a DNS rebinding vulnerability on the Universal Plug-and-Play (UPnP) interface of the Samsung TV UE40F6320 (v1.0), from 2011. This could be used, for example, to change the channel, to know...
DNS rebinding and CSRF vulnerabilities on Samsung TV DIAL implementation
I found a DNS rebinding vulnerability as well as a Cross Site Request Forgery (CSRF) vulnerability on the DIAL (Discovery And Launch) implementation of the Samsung TV UE40F6320 (v1.0), from 2011. This...
Introduction to UPnP
This post gives simple explanations of how UPnP (Universal Plug-and-Play) works, especially with the goal of testing the security of devices such as routers, smart TVs, etc.
Firefox DoH DNS rebinding protection bypass using IPv4-mapped addresses
I found that the filtering of private IPv4 addresses in the DNS-over-HTTPS (DoH) implementation of Firefox could be bypassed. This is CVE-2020-26961 and Mozilla bug 1672528. It has been fixed in...