Channel: /dev/posts/

TUN/TAP interface (on Linux)

Some notes about using the TUN/TAP interface, especially on Linux.

DNS rebinding explained

A quick summary about how DNS rebinding attacks work. The main motivation for this post is to have a diagram to show when explaining DNS-rebinding attacks.

DNS rebinding vulnerability in pupnp and npupnp

I found that pupnp was vulnerable to DNS rebinding attacks. npupnp, a fork of pupnp, was impacted as well. This is demonstrated using Gerbera, a UPnP MediaServer.

DNS rebinding vulnerability in GUPnP

GUPnP, a GNOME library for Universal Plug and Play (UPnP), was vulnerable to DNS rebinding attacks. This is CVE-2021-33516 and GUPnP issue #24. This was fixed in GUPnP 1.0.7 and GUPnP 1.2.5.

CSRF to RCE in GeckoDriver

A Cross-Site Request Forgery (CSRF) vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. CVE-2020-15660 has been assigned to this vulnerability. This was fixed...

Cross-origin/same-site request forgery to RCE in chromedriver

I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it is only possible to trigger this from the cross-origin/same-site and not...

What is in my COVID-19 vaccination certificate?

Manually inspecting the content of a French COVID-19 vaccination certificate QR code. The main intent is to show with a concrete example which data is actually included in the certificate.

Introduction to the Diffie-Hellman key exchange

The Diffie-Hellman (DH) key exchange (and variants thereof) is widely used in many protocols (such as TLS, SSH, IKE (IPSec), Signal, etc.) to bootstrap some symmetric key material which may then be...

Introduction to TLS v1.2

Some notes about how TLS v1.2 (Transport Layer Security) works. The goal is to explain what is going on in a network traffic dump, the role of the different TLS extensions, the impact of the different cipher...

DNS rebinding vulnerability to RCE in geckodriver

A DNS rebinding vulnerability I found in geckodriver which could be used to execute arbitrary shell commands. This is bug #1652612 and CVE-2021-4138.

CSRF and DNS-rebinding to RCE in Selenium Server (Grid)

Vulnerabilities found on the WebDriver endpoints of Selenium Server (Grid).

Introduction to TLS v1.3

Some notes about how TLS v1.3 works. This is a follow-up of the previous episode about TLS v1.2. As before, the goal is to have a high-level overview about how the protocol works, what is the role of...

DNS rebinding on ReadyMedia/minidlna v1.3.0 and below

A DNS rebinding vulnerability I found in ReadyMedia (formerly MiniDLNA) v1.3.0 and below. This is CVE-2022-26505.

Lack of X.509 TLS certificate validation in OWASP ZAP

Lack of X.509 TLS certificate validation in OWASP ZAP (Zed Attack Proxy) could be used for man-in-the-middle attacks.

Browser-based attacks on WebDriver implementations

Some context and analysis about attacks on WebDriver implementations.

Impact of the different Wifi security modes

Comparing the different Wifi/WPA authentication and key distribution methods (PSK, EAP, SAE).

Extract the schema from a remote LDAP server

How to extract the schema from a remote LDAP server and use it on an OpenLDAP instance.

Stable diffusion on an AMD Ryzen 5 5600G

Executing the stable diffusion text-to-image model on an AMD Ryzen 5 5600G integrated GPU (iGPU).

Switching from Docker to Podman

Some notes about using Podman instead of Docker, on Linux. This has been tested on Podman v3.4.7.

Entering in Podman containers

Some commands for interacting with the namespaces of Podman containers.
