All about passwords

Intro
Everyone uses accounts every single day; people share their thoughts, pictures, political views, and probably way too much for any soul to see on social media. We bank and do our taxes online, watch movies, play games, etc. And with all these accounts come passwords. But we humans are a lazy bunch, trying to find the easiest way to remember passwords. The truth is, there is no easy way to remember passwords. The best password is one you can't remember.
A popular and very true statement on Reddit says: "If the media stopped saying "hacking" and instead said "figured out their password", people would probably take password security a lot more seriously".

Update July 2017

Wanted to give you guys an update with what I've been working on and how I spent my time the past half year.

Black Hat USA 2017
Everybody knows Black Hat, one of the most well-known InfoSec conferences in the world. Black Hat has a student scholarship program which I signed up for. To my own surprise I was granted an Academic Pass to attend Black Hat USA 2017! Unfortunately I'm still a broke college student and couldn't afford to go to Las Vegas for three days. Attending Black Hat or Def Con has been a dream of mine since I started reading up on cyber security.

CVE-2016-5195: Dirty COW explained

About
Just recently CVE-2016-5195, or 'Dirty COW', was fully disclosed. This is a Linux Kernel 2.6.22 < 3.9 (x86/x64) race condition which can lead to local privilege escalation, meaning any user (or any malicious application, for that matter) on a vulnerable Linux host can gain unauthorized root access. This exploit is very serious for several reasons. First, the problem lies deep within the Linux kernel, the base on which almost every Linux distro of the last nine years or so is built, including Ubuntu, CentOS, Red Hat and Debian. Second, it's a very easy and reliable exploit to implement in malicious payloads. And finally, it has been found in the wild by Phil Oester, which means it has probably been used for years. The original coder of the exploit is unknown, which makes this so much more serious than it already is.

Finding websocket data leak in Kayzr.com

About
As an avid gamer I will always support local esport services. One of them is Kayzr (previously besports), a Belgian-based esports tournament organiser. While using their website I noticed a LOT of JavaScript; my analyzer gave Ink, Meteor, Moment.js, React, underscore.js, etc. And with a lot of client-side generated content come a lot of risks.

Websocket
Kayzr.com is well built, with a ton of websocket traffic used to load all the different modules on the site, which creates a fast - but not very responsive ;) - website with some very cool features. With Chrome we can analyze all this traffic.