21 Mar 2017
I started playing the excellent IOARM wargame on netgarage.
No, don’t be expecting spoilers, hints, or walk-throughs, I’m not that kind of
guy. This is merely a list of interesting reading I’ve discovered to help me
understand the ARM architecture and ARM assembly.
19 Mar 2017
So, during the recent 0CTF, one of my teammates was asking me about RELRO and
the GOT and the PLT and all of the ELF sections involved. I realized that
though I knew the general concepts, I didn’t know as much as I should, so I did
some research to find out some more. This is documenting the research (and
hoping it’s useful for others).
15 Feb 2017
BSidesSF 2017 was, by far, the best yet. I’ve been to the last 5 or so, and had
a blast at almost every one. This year, I was super busy – gave a talk, ran a
workshop, and I was one of the organizers for the BSidesSF CTF. I’ve posted
the summary and slides for my talk
and I’ll update the video link once it gets posted.
I think it’s important to thank the BSidesSF organizers – they did a phenomenal
job with an even bigger venue and I think everyone loved it. It was clearly a
success, and I can only imagine how much work it takes to plan something like
It’s also important to note that our perennial venue, DNA Lounge, (except that
one year we don’t talk about) is having some money
Apparently you can’t spend more than you bring in each year. This is the venue
that, in addition to hosting BSidesSF, also hosts
Cyberdelia. This is a
venue that allows all kinds of independent art and events to thrive in one of
the most expensive cities in the country. I encourage you to reach out and go
to a show, buy some pizza, or just donate to their Patreon. If my encouragement
is not enough, how about some from Razor and
Again, big thanks to BSidesSF and DNA Lounge for such a successful event!
05 Jan 2017
This is my second time playing the SANS holiday hack challenge. It was a lot of fun, and probably took me about 8-10 hours over a period of 2-3 days, not including this writeup.
04 Jan 2017
I recently needed an encrypted, authenticated remote bind shell due to a
situation where, believe it or not, the egress policies were stricter than
ingress! Ideally I could forward traffic and copy files over the link.
I was looking for a good tool and casually asked my coworkers if they had any
ideas when one said “sounds like SSH.”
Well, shit. That does sound like SSH and I didn’t even realize it. (Tunnel
vision, and the value of bouncing ideas off of others.) But I had a few more
requirements in total:
- Bind (not reverse)
- Windows & Linux
- No Admin/Installation required
- Can be shipped preconfigured
- No special runtime requirements
At this point, I began hunting for SSH servers that fit the bill, but found
none. So I began to think about Paramiko, the SSH library for Python, but then
I’d still need the Python runtime (though there are ways to build a binary out
of a python script). I then recalled once seeing that Go has an ssh
package. I looked at it, hoping it
would be as straightforward as Paramiko (which can become a full SSH server or
client in about 10 lines), but it’s not quite so. With the Go package, all of
the crypto is handled for you, but you need to handle the incoming channels and
requests yourself. Fortunately, the package provides code for marshaling and
unmarshaling messages from the SSH wire format.
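To make "handle the incoming channels and requests yourself" concrete, here is an added example (not sshdog's code, and not part of the original post) that decodes by hand, with only the standard library, the payload a server receives when a client opens a `direct-tcpip` channel for port forwarding (RFC 4254, section 7.2), which is the kind of work the package's unmarshaling helpers do for you. The names `DirectTCPIP`, `ParseDirectTCPIP` and `sample` are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errShort = errors.New("ssh wire: truncated payload")

// DirectTCPIP mirrors the extra data of a "direct-tcpip" channel open (hypothetical name).
type DirectTCPIP struct {
	DestHost   string
	DestPort   uint32
	OriginHost string
	OriginPort uint32
}

// ParseDirectTCPIP rejects truncated input, oversized lengths, trailing bytes and bad ports.
func ParseDirectTCPIP(b []byte) (d DirectTCPIP, err error) {
	u32 := func() (v uint32) { // one big-endian uint32
		if err != nil || len(b) < 4 {
			err = errShort
			return 0
		}
		v, b = binary.BigEndian.Uint32(b), b[4:]
		return v
	}
	str := func() (s string) { // SSH string: uint32 length, then that many bytes
		n := u32()
		if err != nil || uint64(n) > uint64(len(b)) {
			err = errShort
			return ""
		}
		s, b = string(b[:n]), b[n:]
		return s
	}
	d = DirectTCPIP{str(), u32(), str(), u32()} // fields are read in wire order
	if err == nil && (len(b) != 0 || d.DestPort == 0 || d.DestPort > 65535) {
		err = errors.New("ssh wire: trailing bytes or port out of range")
	}
	return d, err
}

// sample is a constructed payload: forward to 10.0.0.5:80, originated from 127.0.0.1:54321.
var sample = []byte("\x00\x00\x00\x0810.0.0.5\x00\x00\x00\x50\x00\x00\x00\x09127.0.0.1\x00\x00\xd4\x31")

func main() {
	fmt.Println(ParseDirectTCPIP(sample))
}
```

The length check before slicing is the part that matters on a listening server: the length field is attacker-controlled, so it has to be compared against the bytes actually present before it is used as an index.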
I decided that I would get better performance and more predictable behavior
without needing to package the Python runtime, plus I appreciated the
stability Go would provide (fewer runtime errors), so I began developing. What
I ended up with is sshdog, and I’m releasing it today.
- Windows & Linux
- Configure port, host key, authorized keys
- Pubkey authentication (no passwords)
- Port forwarding
- SCP (but no SFTP support)
Additionally, it’s capable of being installed as a service on Windows, and
daemonizing on Linux. It uses go.rice
to embed configuration within the resulting binary and give you a single
executable that runs the server.
```
% go build .
% ssh-keygen -t rsa -b 2048 -N '' -f config/ssh_host_rsa_key
% echo 2222 > config/port
% cp ~/.ssh/id_rsa.pub config/authorized_keys
% rice append --exec sshdog
[DEBUG] Adding hostkey file: ssh_host_rsa_key
[DEBUG] Adding authorized_keys.
[DEBUG] Listening on :2222
[DEBUG] Waiting for shutdown.
```
The name is supposed to be a riff off netcat and similar tools, as well as an
anagram for “Go SSHD”.
Please give it a try and feel free to file bugs/pull requests on the GitHub