So, there’s a trojanized version of PuTTY circulating around.

There’s this report here posted by Cisco. The tl;dr, in a nutshell: someone created a backdoored version of PuTTY. You can get infected if you search for PuTTY and download it from an untrusted mirror. Btw, you can verify the integrity of the files through MD5, SHA-1 (sidenote: both are known not to be secure), SHA-256 and SHA-512.


Are we there yet?

There’s this constant debate when it comes to applications. Is open source software more secure than proprietary software? Is it the other way round? In a nutshell, my point on the topic is that this comparison is wrong and the metrics are wrong as well. The number of facts we have is not enough to make a comparison.

An unofficial guide on getting a job

This was originally a guide I built for my friends and for me. They wanted a guide to help them find a job and I wanted to go over the mistakes I made in the past. I am not related to HR, so use it carefully.

From Leviathan 6 to Leviathan 7

Another CTF post, but this time, this is not a walkthrough.
There are some nice CTFs hosted here that I always forgot to play. The following post is about different approaches and obviously it is meant for newcomers. I am pretty sure that an experienced CTF player has already come up with my solution.

n00bs CTF Lab write-up

Infosec Institute launched a CTF challenge some days ago. Due to a lot of free time, I decided to take a look and have some fun.


LiveHTTPHeaders patched, almost.

Long story short, like most of the people who are into infosec, I like my tools. I also like updates. And sometimes those things don’t work right. Although I usually prefer Burp, from time to time LiveHTTPHeaders proved to be a fast and efficient way of detecting bugs, anomalies, etc. due to the Replay feature. Eventually the Replay feature broke and wouldn’t work. So I debugged it. And I “patched” it.


Kids and programming

I was watching a TEDxAcademy talk about teaching programming to kids. The speaker (Nikos Michalakis) was talking about a need to teach our kids how to program. He even took the whole concept further by building a couple of “languages” for kids aged 3-12 to learn how to program by giving orders to their parents. Although this concept is nice, is there truly a need for kids to learn how to program?

So there was an ideological hegemony of the left all these years, huh?

Although this blog is not used for political posts but mainly for posts about technology, I will allow myself (among other things, I am root here; tech joke) to write down some of my views and, at the same time, to write in Greek, because otherwise our hair will fall out in the end.

Over the last few days, this article here has been circulating in the Greek part of social media. The article, which rests on a line that the government and various others rehash from time to time, is based on the following simple scenario. The country is going through a crisis. Certain choices are responsible for this crisis. These choices were made by PASOK and ND. For the government to make these choices, there was pressure from certain unions. These unions were controlled by leftists who dreamed of a Soviet-style socialist democracy.


Con the con man

Security expands beyond information and systems. It reaches people and affects their lives, and part of somebody’s life is their money. When it comes to scams, the most common trick is easy money. People want easy money. Although the number one priority is raising user awareness about scams, this post is not about raising any user awareness. It is mostly targeted at people who are either part of the field or simply want to have fun.

StealRAT botnet, resurrected?!

Background first:
A follower, who is btw a sys-admin or a jack of all trades, says he has a malware sample for analysis, Saturday night that is, and that anyone willing to analyze it should drop him a DM. I did. I got a zip containing some logs, a poorly deobfuscated PHP script and the original PHP script with the code “obfuscated”.