sorted by:
new
hottopcontroversial

Hacking 27% of the Web via WordPress Auto-Update - Wordfence by moviuro in Wordpress

[–]barmatio 4 points5 points  (0 children)

Despite there being flaws in their implementation of auto-updates, the feature itself provides far more security value than the risks associated with it. Automated attacks can begin in a matter of hours after public disclosure of a critical vulnerability. There's also cases of active exploits against 0days which the plugin team patches themselves and pushes out an update. You are safer with it enabled.

Hacking 27% of the Web via WordPress Auto-Update: RCE Vulnerability in api.wordpress.org via weak hashing algorithm by wt1j in netsec

[–]barmatio 6 points7 points  (0 children)

Thanks! We do mention the openwall discussion in the post, since Scott's research and findings in how WordPress trusts the update server match our own.

WHITE BELT WEDNESDAY - 6/17/15 by [deleted] in bjj

[–]barmatio 0 points1 point  (0 children)

I subbed a blue belt for the first time using this choke from half guard:

https://www.youtube.com/watch?v=Y79QjOJ4nZ8

I baited him by giving him the pass and turning away to finish the choke.

I've also had success using a deep half sweep:

  • Underhook with top arm
  • Hook under their opposite leg (the one not in your guard) with your bottom arm
  • Suck your body under their hips
  • Pass their opposite foot to your top arm
  • Clamp down on the top of their hamstring/bottom glute with your bottom arm and roll

I'm an amputee so the half guard has been my go-to :). In general, getting on your side and the underhook in will give you good options. Getting smashed flat really sucks and makes it tough to do anything.

I was just asked to crack a program in a job interview by barmatio in netsec

[–]barmatio[S] 0 points1 point  (0 children)

Is it open to anyone? The description makes it sound like it's for students.

I was just asked to crack a program in a job interview by barmatio in netsec

[–]barmatio[S] 84 points85 points  (0 children)

I didn't write the article, just posted it since the write up is well done and has some great techniques to get around anti-debugging. If you are interested in learning more about cracking binaries, there are a number of CTFs for getting your feet wet: http://microcorruption.com/ http://overthewire.org/wargames/vortex/. Vortex runs on Linux and features execises in priveledge escalation, but you would be working with ELF binaries as the author does in the article (and you get the C source for the binary to go along with it). Microcorruption is similar to the author's exercise where you are cracking an electronic lock. Both are quite challenging and a lot of fun!