Here is a little walkthrough on how to get started with the YubiKey and GPG. After following this guide you will have a secure setup using a YubiKey containing your GPG keys as well as an authentication key that could be used for SSH. Moreover the configured YubiKey will also be capable of U2F and managing a password store (for examples, … Continue reading Configuring YubiKey for GPG and U2F
It was recently shown by the Mirai botnet or Linux/Moose worm that more and more connected devices can run a large scale DDoS. As an example, I'll provide here a small analysis showing that the problem is even more complicated since we sometimes have to live with old devices which have not been updated by Internet providers. A … Continue reading Do not create a backdoor, use your provider’s one !
Introduction The 2015 DBIR report from Verizon contained a small section on mobile malware but the part on iOS said that all alerts on this platform were all false positives that were in fact triggered by Android devices ("most of the suspicious activity logged from iOS devices was just failed Android exploits"). This is great as … Continue reading iOS malware: myth or reality?
Unmanned Aerial Vehicles (UAVs) offer new perspectives, both from a civilian and a military standpoint; yet, they present vulnerabilities having the potential to lead to disastrous consequences regarding public safety if exploited successfully, as evidenced by recent hacks. These repercussions can be prevented by implementing best practices, continuously assessing the technologies used and most importantly … Continue reading Drones – A hacker’s playground
I recently attended the TROOPERS conference, held in Heidelberg, Germany. A lot of interesting research was presented, in this blog post I’m going to summarize selected talks that I particularly enjoyed. The first presentation was by Philippe Teuwen, where he demonstrated his latest attack on white-box cryptography. The idea is to apply existing hardware attacks such as side-channel … Continue reading TROOPERS 2016
During Positive Hack Days V, I made a fast track presentation about eCryptfs and password cracking. The idea came to me after using one feature of Ubuntu which consists in encrypting the home folder directory. This option can be selected during installation or activated later. If you select this option, nothing changes for the user … Continue reading How to crack Ubuntu encryption and passwords
I recently attended the Positive Hack Days V forum which took place in Moscow over two days. Interesting and diverse presentations were given there together with some interesting contests. The first contest started online one week before the forum itself. It was the Hash runner challenge which consisted of cracking password hashes. The algorithms to … Continue reading Positive Hack Days V