Bitcoin's almost 10 year lifespan so far has subjected the technology and its' implementation to all kinds of attack and critical inquiry. Meanwhile the value of Bitcoin as a tradable instrument has also fluctuated wildly as I'm sure you already know. I'm not here to speculate on Bitcoin's so-called value, or the unfortunate aspects of … Continue reading Hacking Deterministic Bitcoin Addresses
Secure Shell (SSH) is an amazing cryptographic network protocol, and it undoubtedly helps secure a huge slice of today's Internet - giving sysadmins robust remote access to their servers, but also so much much more. I've been using SSH on Linux Servers for longer than I can remember. Well, not quite. I do remember those "telnet" days when nobody had … Continue reading Hardening SSH on your Ubuntu Server
I recently finished competing in the AusCERT2016 Capture the Flag (CTF) challenge which ran for 48 hours. Coming in 10th place from dozens of active participants was very rewarding! I entered under the team alias "InsertCoin"- partly to protect myself if I performed terribly(!) but also because I'm currently looking for new work opportunities - and the name subtly describes my current state-of-mind … Continue reading AusCERT2016 CTF – 10th Place!
Whenever I've had the task of personally assisting someone with remediating a compromised web server, I can't help switching into researcher mode. I want to know how the attack has happened, and of course to stop it from happening again, but I'm always intrigued by what the attacker is trying to achieve - and it isn't always … Continue reading How to replace malicious PHP pages with sneaky POST data capture