Some notes about how TLS v1.2 (Transport Layer Security) works.
The goal is to explain what is going on in a network traffic dump,
the role of the different TLS extensions,
the impact of the different cipher suites on security, etc.
It includes several diagrams and many references.
The Diffie-Hellman (DH) key exchange (and variants thereof) is widely used
in many protocols
(such as TLS, SSH, IKE (IPsec), Signal, etc.)
to bootstrap some symmetric key material
which may then be used to secure a communication channel between two parties.
This introduction
focuses on the different ways the DH key exchange
is used in practice
in several protocols (especially TLS)
and the impact of these different approaches on security.
This is intended as a prelude to the upcoming episodes
about how TLS works.
Manually inspecting the content of a French COVID-19 vaccination certificate QR code.
The main intent is to show with a concrete example
which data is actually included in the certificate.
Cross-origin/same-site request forgery to RCE in chromedriver
I found a cross-origin/same-site request forgery vulnerability
in chromedriver.
It was rejected (won't fix) because it is only
possible to trigger this from a cross-origin/same-site context and not cross-site.
In practice, it means it is really only possible to trigger this from another
localhost-bound web application.
A Cross-Site Request Forgery (CSRF) vulnerability I found in
GeckoDriver which could be used to execute arbitrary shell commands.
CVE-2020-15660
has been assigned to this vulnerability.
This was fixed in GeckoDriver v0.27.0
on 2020-07-27.
This is bug #1648964.
I found that pupnp was vulnerable to DNS rebinding attacks.
npupnp, a fork of pupnp, was impacted as well.
This is demonstrated using Gerbera, a UPnP MediaServer.
A quick summary about how DNS rebinding attacks work.
The main motivation for this post is to have
a diagram to show when explaining DNS rebinding attacks.