syncom

How to combine GPX files into one (for Strava)

I use strava.com (https://strava.com) for my activity tracking. From time to time, I need to combine multiple activities into one for a better data management. Here is how I do it.

1. First, in the page of the individual activity, download the data in GPX format by choosing the "Export GPX" menu. (GPX, or GPS exchange format, is an XML file format for storing coordinate data.) Order the downloaded activity data in time sequence. Suppose we now have three files, "1.gpx", "2.gpx", and "3.gpx" to join, where "1.gpx" is the earlist activity, and "3.gpx" is the latest activity.

2. Open "*.gpx" with a text editor. Look for the XML tag ''. This is the parent of all the '' GPS coordinate samples (points). We need to extract all '' from all the GPX files to combine, and put them, in order, under the '' section. Do this by appending all the '' entries from "2.gpx" and "3.gpx" to that of "

syncom

This instruction describes how to brute force the "Scan" folder's password on a Fuji DocuCentre-IV C2260 Version 
1.8 printer/xerox copier.

The DocuCentre-IV C2260 runs a web server at port 80. Because the HTTP interface is not secured, one could also 
mount a man-in-the-middle (MITM) attack. However, doing a MITM attack is not what we are discussing here. The 
web application at port 80 has an interface (in UI, under the Scan>Folder menu) to which mutiple users deliver
their scanned documents. These folders are password protected. It turns out getting access to such a folder can
be done through a simple HTTP POST command. And this command is not throttled upon access failure. Therefore, it
allows us to automate the authentication process and thus brute force the password. 

syncom

The following bash script hogs CPU resources (and thus drains laptop battery quickly):

#!/bin/bash
# CPU hogger, using 8 threads
hog='dd if=/dev/urandom | bzip2 -9 >> /dev/null'
cmd=$(echo -n ${hog}; printf " | ${hog}%.0s" {1..7};  echo -n '& read; killall dd')
eval ${cmd}

Explaination:

syncom

PIS-RT: Processing In Storage - Rainbow Tables

The idea described in this tech memo is to accelerate rainbow table searches inside the SSD SoC.

A "rainbow table" is a data structure containing precomputed "chains" for reversing cryptographic hash functions, usually for cracking password hashes. A good yet simple instruction of the rainbow table by Kestas can be found at http://kestas.kuliukas.com/RainbowTables/.

RainbowCrack (http://project-rainbowcrack.com/) is a project that generates rainbow tables (for various hash algorithms) and creates tools for cracking hashes using rainbow tables. As can be seen

syncom

This short memo gives instructions on how to build the Microsoft Research's Simple Encrypted Arithmetic Library (SEAL) using LLVM/Clang, and also with the Clang Static Analyzer for software quality/security assurance.

The SEAL Library

The SEAL Library can be downloaded at its website http://sealcrypto.org (it redirects to a Microsoft page). The version of SEAL we use for this demonstration is SEAL_v2.3.0-4_Linux.tar.gz (available at https://www.microsoft.com/en-us/download/details.aspx?id=56202).

syncom

How to Create QEMU ARM Guest on x86_64 Linux Host

This document describes how I created a QEMU ARM (A32) guest on an x86_64 host (Ubuntu on Dell XPS developer edition). The process relies heavily on the arm_now tool. The commands are as follows.

Install dependencies on host Ubuntu machine

mkdir arm-qemu

syncom

The Goal-Threat-Mitigation (GTM) Method for Documenting Security Risks

The Goal-Threat-Mitigation (GTM) method is a framework for documenting security risk analysis (SRA). It is meant to be simple, scientific, and yet scalable with respect to the size of the scenario to analyze. The artifact of GTM is a document/write-up that consists of the following sections.

1. System overview (or scenario description)

This is where we define the problem space, describe the use case

syncom

How to build ipsec-tools (racoon) on Ubuntu 18.04 with ASan

This note describes how to build ipsec-tools (racoon) obtained from the Android repository (https://android.googlesource.com/platform/external/ipsec-tools/) on a Ubuntu laptop machine (Dell XPS 13). The system used for this work is Ubuntu 18.04.2 LTS: uname -a gives

syncom

The why and how of libseccomp

This is my Linux Security Summit North America (LSS-NA) 2019 note taken in Day 1 tutorial session "The Why and How of libseccomp" by Tom Hromatka, Oracle & Paul Moore, Cisco.

• Why libseccomp
  • Focus on containing bugs and limiting the risks - what mitigation is for
• system hardening, access controls, and syscall filtering (libseccomp)

syncom

LSS-NA 2019 Day 3 Tutorial: How to Write a Linux Security Module

This is the note I have taken during the tutorial session "How to Write a Linux Security Module" by Casey Schaufler, at the Linux Security Summit North America 2019.

• Why do you want to write a Linux security module?
• When is Linux security module the right choice?
• Add access control restrictions