Browsing all 104 articles

OAuth 2.x and OpenID Connect sequence diagrams

Some sequence diagrams about OAuth 2.x and OpenID Connect.



Using a Kap&Link smart card reader with CPS3 smart cards on Linux

Tutorial on how to get Carte Professionnel de Santé 3 (CPS3) smart cards to work with Firefox under Linux with a Kap&Link smart card reader. It has some information to understand the related lingo,...



Code execution through MIME-type association of Mono interpreter

A dangerous file type association in Debian which could be used to trigger arbitrary code execution.


MIME-type spoofing in Firefox/Thunderbird and file managers

An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME type handling and file managers.


Arbitrary file write in Stellarium file association

I found an arbitrary file write vulnerability (through path traversal) which would be exploited for arbitrary code execution in Stellarium (desktop version).



Shell command and Emacs Lisp injection in emacsclient-mail.desktop

Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entry files (emacsclient-mail.desktop) leading to arbitrary code execution through a crafted mailto: URI.


Simple terminal image display using the iTerm2 image protocol

A simple way to display an image in a terminal using the iTerm2 image protocol. This is supported by iTerm2, WezTerm, and recent versions of Konsole.


Analysing structured log files with simple tools

Some tools and other notes for when you just want to analyze your structured log files locally using simple tools, with a focus on newline-delimited JSON (NDJSON) / JSON lines / JSON Text Sequences.



Arbitrary code execution through kitty-open.desktop file association

In the Debian kitty package, the kitty-open.desktop file would associate kitty +open with several MIME types. This could be used to trigger arbitrary code execution by serving a file with such a MIME...



Protocol Stack Diagrams

A collection of ASCII-art protocol stack diagrams.


OpenSSH tunneling guide

The OpenSSH client has a lot of very powerful features for tunneling applications through SSH connections and is one of my favorite tools for quick-and-dirty network plumbing tasks. It can be very...


Notes on X3DH

Some notes on X3DH (Extended Triple Diffie-Hellman).


UMA 2.0 diagrams

Some diagrams (mostly sequence diagrams) about UMA 2.0.



On ad blockers

An interesting note from the FBI.


WebSub sequence diagram

A sequence diagram for WebSub.



Bypassing XSS filters

In this post, I am describing some payloads which I used to bypass two distinct XSS filter implementations (such as Web Application Firewalls (WAF)) as well as the approach to design them.


GitHub Copilot instructions

Extracting the system prompt from GitHub Copilot.



Transformer-decoder language models

Some notes on how transformer-decoder language models work, taking GPT-2 as an example, and with lots of references in order to dig deeper.


Exposing services in/out Podman containers

Some more tips for interacting with the namespaces of Podman containers.


Neural Network Distillation

Overview of neural network distillation as done in “Distilling the Knowledge in a Neural Network” (Hinton et al., 2014).
