2017-07-06
Variadic null-pointer check macro In C, raw pointer handling is one of the most common things that one will do. Given that pointers can be NULL, it is important to check them prior to every possible use.
As such, in C one ends up writing something like the following quite often.
int foo(int* ptr1, void* ptr2, struct Bar* ptr3) { if(NULL == ptr1 || NULL == ptr2 || NULL == ptr3) { //indicate an error as we need all pointers to be !
more…
2016-11-02
Open Source Security Podcast Episode 8 Listener Feedback This is a lengthy one, so grab yourself a beverage and something to eat before reading on.
In episode 8 of the Open Source Security Podcast, the hosts talked about the issue of having a small chance of false-positives for probability-tested prime candidates, and they expressed their desire to have either a means to prove the primality after generation and/or to generate primes that come with a "certificate of authenticity".
more…
2016-10-11
This is going to be a short one, so this is more of a Q&A style – It implicitly assumes OpenSSH.
Why Custom SSH Moduli? Because it is fun to do You get way better probability guarantees for the primality if doing it right Custom moduli = spy agencies have to work a little harder How? The short version ssh-keygen -G moduli.candidates -b <len> -M 127 ssh-keygen -T moduli -f moduli.
more…
2016-09-11
ThinLTO from Clang 3.9 onwards on Fedora 24 On September 2nd 2016, llvm released version 3.9 . With that came the long-awaited ThinLTO functionality, see this blog post from llvm about it.
However, there are some caveats for getting ThinLTO to run under Fedora.
The biggest one is the actual «Clang for Fedora23 x86_64 Linux» package off the official download site as this doesn’t include the required LLVMgold.so plugin for ld.
more…
2016-03-03
Analysis of a Javascript dropper for Locky Several days ago, I received an obvious spam with a zip attachment that contained a javascript file inside of it.
So after taking the normal precautions when dealing with potentially hazardous bits&bytes, I started to make my way through that js file.
After it had become obvious that it was indeed hazardous, I immediately uploaded both the zip and the js file to virustotal, and got the categorization of Locky for the submitted js.
more…
2016-03-03
Analysis of a TeslaCrypt spam attachment Got this yesterday in my spam folder. After working through the js-in-zip attachment beneath, I uploaded it to virustotal and got the classification of TeslaCrypt for the js and the actual downloaded binary.
Virustotal results js zip exe JS Walkthrough functions with a readable name were, surprise, renamed by me.
function runScript(GJaRFJrtZko) { var script_shell = WScript.CreateObject("Wscript.Shell"); script_shell.Run(GJaRFJrtZko, 0x1, 0x0); } function getTempPath(PtUAL, LlFXs, FlysN) { var mkLge = "NdGVLQ Bpp pt.
more…