Hacking Deterministic Bitcoin Addresses

Bitcoin's almost 10-year lifespan so far has subjected the technology and its implementation to all kinds of attack and critical inquiry. Meanwhile, the value of Bitcoin as a tradable instrument has also fluctuated wildly, as I'm sure you already know. I'm not here to speculate on Bitcoin's so-called value, or the unfortunate aspects of …

Hardening SSH on your Ubuntu Server

Secure Shell (SSH) is an amazing cryptographic network protocol, and it undoubtedly helps secure a huge slice of today's Internet - giving sysadmins robust remote access to their servers, but also so much more. I've been using SSH on Linux servers for longer than I can remember. Well, not quite. I do remember those "telnet" days when nobody had …

AusCERT2016 CTF – 10th Place!

I recently finished competing in the AusCERT2016 Capture the Flag (CTF) challenge, which ran for 48 hours. Coming in 10th place from dozens of active participants was very rewarding! I entered under the team alias "InsertCoin" - partly to protect myself if I performed terribly(!) but also because I'm currently looking for new work opportunities - and the name subtly describes my current state of mind …

How to replace malicious PHP pages with sneaky POST data capture

Whenever I've had the task of personally assisting someone with remediating a compromised web server, I can't help switching into researcher mode. I want to know how the attack happened, and of course to stop it from happening again, but I'm always intrigued by what the attacker is trying to achieve - and it isn't always …