antirez

    dictForeach(d,entry)
        printf("%s -> %s\n", dictGetKey(entry), dictGetVal(entry));
        dictForeach(d2,entry2)
            printf("* %s\n", dictGetKey(entry2));
        dictEnd
    dictEnd

azet

 for dir in `find . -maxdepth 1 -type d | tail -n +2`; do cd $dir ; echo "pulling $dir" ;  git pull || ( echo "failed in '$dir' - cd to original dir." && cd - 1>/dev/null ; exit 1 ) ; cd - 1>/dev/null ; done

koenrh

RSA Conference 2014: cancellations

List of people who have cancelled either their session (e.g. talk, panel participation or seminar) at RSA Conference 2014.

Date	Name	Job title	More info
2014-01-20	Roel Schouwenberg	Senior Researcher, Kaspersky Lab	Tweet
2014-01-09	Jim Manico	Global Board Member, OWASP and VP of Security Architecture, WhiteHat Security	Tweet
2014-01-09	Eoin Keary	Global Board Member, OWASP and Director, BBC Risk Advisory	Tweet
2014-01-07	Chris Palmer	Software Security Engineer, Google	[Tweet](https://twitte

defuse

#!/bin/bash
# primes.sh -- @DefuseSec

echo -n >/tmp/primes.txt

# Generate 1000 primes.
for i in {1..500}; do
    # Use 192-bit keys for speed (could potentially mask RNG bugs that only affect bigger keys)
    openssl genrsa 192 2>/dev/null | \
        openssl rsa -text 2>/dev/null |\

azet

#!/usr/bin/env bash
#
# Retrieves MX and A records for 'Alexa Top 1 Million' hosts
# and prints them as pretty formatted JSON objects to stdout.
#
# *Optional* parallelism support with GNU Parallel (recommended):
#     $ sudo apt-get install parallel
#
# Authors: Aaron Zauner <azet@azet.org>
# License: CC0 1.0 (https://creativecommons.org/publicdomain/zero/1.0)

azet

So this happened: phrack changed it's format and posted a nice analysis of the 
(nowadays missing) hacker community and societal behaviour of hackers in 
general: http://phrack.org/papers/fall_of_groups.html
 
This article reflects a lot of thoughts I've had over the last couple of 
months. In a very positive way.
 
 
Yea sure, the scene we grew up in changed to what has now become a bullshit 
business like any other. Originality is scarce and every time I see SQLi or 

peternguyen93

#!/usr/bin/python
# Author : peternguyen

from Pwn import *

# p = Pwn(mode=1,port=8887)
p = Pwn(mode=1,host='52.193.196.17',port=56746)

def select(op):
	p.read_until('Your choice: ')

nabla-c0d3

#!/usr/bin/env python

import sys, socket, thread, ssl
from select import select

HOST = '0.0.0.0'
PORT = 5222
BUFSIZE = 4096

# Change this with the first two bytes of the SSL client hello

defuse

This was a comment I posted on bcrypt-ruby/bcrypt-ruby#43 (before I realized that issue was 5 years old!) which got deleted so I moved it here.

Let's make the attack concrete to see if it works. I have a dictionary of 2³² candidate passwords I want to try against a user account. I know the user's salt. There is no rate limiting. Ideally, it should take 2³² online queries to search through all of my candidate passwords. Here's the attack:

1. Using my knowledge of the salt, I hash ~2¹⁶ random preimages until I find one for every possible 2-byte prefix of the hash.
2. Now I send each of those 2¹⁶ preimages in turn to the server and observe the side-channel. I may have to repeat this a few times in order to improve the SNR, let's say 100 times. So in 100*2¹⁶ online queries I learn the first 2 bytes of the hash.
3. Now that I know the first 2 bytes of the hash, I do 2³² offline work to hash all of my candidate passwords a

defuse

# This is well-known behavior, it's just interesting.
$ mkdir a
$ echo "hello!" > a/file.txt
$ cat a/file.txt
hello!
$ chmod 000 a/file.txt 
# Now I don't expect to be able to change a/file.txt...
$ echo "GOODBYE" > a/file.txt
bash: a/file.txt: Permission denied
# Okay, good, I can't modify the file directly.