As a reverse engineer, especially if we deal with embedded system, facing various architecture and its typical system is expected. Sometimes we have no access to the device and got only the firmware. In this condition, our only option is static analysis of the firmware, or it is not? Our goal is to observe and […]

Read More →

It was quite old. On March I deliver a workshop about web security in Depok, Indonesia. The main theme is of course about web security. The presentation slides is avalable on my slideshare. Mostly we were talking about web security with OWASP as our references. The slides is always free and you may spread it […]

Read More →

Android is a popular operating system for handheld and now dominating the market share. Though the there are already exists various cheap devices running android, many of us want want to run android on our PC. I myself has two reasons for this: first to play some games without open my device, and second is […]

Read More →

Android is an operating system for various mobile device, such as mobile phone, tablet, smart TV, etc. The power of android comes from the use of a process virtual machine, dubbed as Dalvik Virtual Machine (DalvikVM) and later Android Run Time (ART), to abstract complicated and varying modules. You write in Java, compile it, and […]

Read More →

Data Encryption Standard (DES) or should be Data Encryption Algorithm, is a symmetric-key algorithm for the encryption of electronic data. Although this algorithm is now considered as insecure, it was highly influental in the advancement of modern cryptography. Most course on cryptography still present DES when they are discussing about block cipher especially symmetric one. […]

Read More →

During penetration testing, we might be lucky enough to exploit a command execution vulnerability. Soon, we want and interactive shell to penetrate deeper. Some approach involving “login” mechanism, such as add new account / SSH key / .rhosts file. However if these approach is not viable then hop would be shell, either reverse shell or […]

Read More →

Socat, a powerful tools you should have in you arsenal. Some say socat is another swiss army knife beside netcat. It is a command line based utility that establishes two bidirectional byte streams and transfer data between them. Socat has been long used for creating a simple forwarder. But, did you know that we can […]

Read More →

Imagine you are in a situation where you are using ISP which do censorship based on DNS. We might use free DNS service but quite often ISP will hijack the traffic and redirect them to their DNS. Another approach is using tool which transfer DNS traffic on top of encrypted channel, for example dnscrypt. However […]

Read More →