Category Archives: Security

Computer Security, Links and Resources (4)

New and old posts.

Extracting TREZOR Secrets from SRAM
http://saleemrashid.com/2017/08/17/extracting-trezor-secrets-sram/

How Android Fought an Epic Botnet – and Won
https://www.wired.com/story/google-android-chamois-botnet

Performing Concolic Execution on Cryptographic Primitives
https://blog.trailofbits.com/2019/04/01/performing-concolic-execution-on-cryptographic-primitives/

Cryptography That Can’t Be Hacked
https://www.quantamagazine.org/how-the-evercrypt-library-creates-hacker-proof-cryptography-20190402/

Ghidra
https://ghidra-sre.org/
A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission

Hackers Can Take Control of Siri and Alexa By Whispering To Them in Frequencies Humans Can’t Hear
https://apple.slashdot.org/story/17/09/06/2026247/hackers-can-take-control-of-siri-and-alexa-by-whispering-to-them-in-frequencies-humans-cant-hear

The Equifax Breach Exposes America’s Identity Crisis
https://www.wired.com/story/the-equifax-breach-exposes-americas-identity-crisis

Universal Second Factor
https://en.wikipedia.org/wiki/Universal_2nd_Factor

Angel “Java” Lopez
https://github.com/ajlopez
http://www.ajlopez.com
http://twitter.com/ajlopez

Computer Security, Links and Resources (3)

My $169 development Chromebook
https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/
How Chrome OS, Termux, YubiKey & Duo Mobile make for great usable security

EverCrypt: A Verified Crypto Provider Engineered for Agile, Multi-Platform Performance
https://github.com/project-everest/hacl-star/blob/fstar-master/README.EverCrypt.md

The EverCrypt verified cryptographic provider
https://jonathan.protzenko.fr/2019/04/02/evercrypt-alpha1.html

What the Eff is 2FA?
https://medium.com/shapeshift-stories/what-the-eff-is-2fa-57e1798e88dd

Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
https://snyk.io/blog/malicious-remote-code-execution-backdoor-discovered-in-the-popular-bootstrap-sass-ruby-gem/

Detect pressed keys via microphone audio capture in real-time
https://twitter.com/feross/status/1068038193868460032

It took DEF CON hackers minutes to pwn these US voting machines
https://www.theregister.co.uk/AMP/2017/07/29/us_voting_machines_hacking/

A short history of cyber espionage
https://medium.com/threat-intel/cyber-espionage-spying-409416c794ec

Computer Security, Links and Resources (2)

Privilege Escalation in Ubuntu Linux (dirty_sock exploit)
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html

Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/

Extracting a 19 Year Old Code Execution from WinRAR
https://research.checkpoint.com/extracting-code-execution-from-winrar/

Interlace: A Productivity Tool For Pentesters and Bug Hunters – Automate and Multithread Your
https://medium.com/@hakluke/interlace-a-productivity-tool-for-pentesters-and-bug-hunters-automate-and-multithread-your-d18c81371d3d

Quantum Cryptography Market 2019 Industry Size, Trends, Opportunity, Global Growth, Insights and Forecast Research Report 2023
https://risreport.com/01/15/06/quantum-cryptography-market-2019-industry-size-trends-opportunity-global-growth-insights-and-forecast-research-report-2023/

Hackers’ Own Tools Are Full of Vulnerabilities
https://motherboard.vice.com/en_us/article/59pvp8/hackers-own-tools-are-full-of-vulnerabilities

BlackHat 2017: Multi-Stage Attack Targeting Container Developers, Presented by Aqua
http://blog.aquasec.com/host-rebinding-and-shadow-containers-at-blackhat-2017

Tracking desktop ransomware payments
https://www.blackhat.com/docs/us-17/wednesday/us-17-Invernizzi-Tracking-Ransomware-End-To-End.pdf

Computer Security, Links and Resources (1)

Old and new resources, about computer security:

Experts Recover AES256 Encryption Key From a PC’s Electromagnetic Emissions
https://www.bleepingcomputer.com/news/security/experts-recover-aes256-encryption-key-from-a-pcs-electromagnetic-emissions/

Critical Vulnerability in JSON Web Encryption
https://auth0.com/blog/critical-vulnerability-in-json-web-encryption/

Differential Fault Attacks on Elliptic Curve Cryptosystems
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.107.3920&rep=rep1&type=pdf

Hackers’ Own Tools Are Full of Vulnerabilities
https://motherboard.vice.com/en_us/article/59pvp8/hackers-own-tools-are-full-of-vulnerabilities

Massive Database Leak Gives Us a Window into China’s Digital Surveillance State
https://www.eff.org/deeplinks/2019/03/massive-database-leak-gives-us-window-chinas-digital-surveillance-state

New TLS Padding Oracles
https://github.com/RUB-NDS/TLS-Padding-Oracles

@try_to_hack Makes History as First Bug Bounty Hacker to Earn Over $1 Million
https://www.hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million

How one teenager is making millions by hacking legally
https://www.bbc.com/news/av/technology-47407609/how-one-teenager-is-making-millions-by-hacking-legally
