Subscribe to the RSS Feed

Paradox - a statement or proposition that seems self-contradictory or absurd but in reality expresses a possible truth.

:: BINARY PARADOX ::

Stepping stone to the /dev/null in the sky

InfoSec



Surf's Up - Exploring CSRF

At The Next HOPE convention in NYC this summer I presented a talk on Cross Site Request Forgery (CSRF) entitled “Surf’s Up – Exploring Cross Site Request Forgery through Social Network Exploitation“.

The idea of the talk was to present the background, theory, and use of CSRF by exploring a vulnerability found in Vampirefreaks that allowed for a password stealing social network worm to be developed. Additionally, some protective measures and attack variations were presented. Overall I feel the talk was a great success and had a blast presenting it.

Surf’s Up – Exploring Cross Site Request Forgery from Daniel McCarney on Vimeo.

The slides from this talk are available under a Creative Commons license in both PDF format and Open Office Impress format

Thoughts on Diaspora

The other day a friend sent me the link to a story about an interesting upstart web project called Diaspora. The article piqued my interest and I decided that I wanted to do some more reading. As usual the reading led to more questions and thoughts. It soon after became apparent that a short reply wouldn’t do things justice.

read more...

Darwinian Security - Evolving the PWN

Lately I’ve been thinking a little bit about experimenting with the amalgamation of Artificial Intelligence algorithms and different aspects of Information Security. I’m hardly an AI expert, but I’ve had some limited academic exposure to the foundation of a few branches of AI research. I think the important thing is that I’ve seen enough of the material to get my mental wheels spinning.

I’ve thought of two specific concepts I think deserve exploration when time permits. I’m posting my interim thoughts here about one of them mainly to garner some constructive feedback and hopefully some resources. I’m an info sec enthusiast, but certainly not an expert. It would be a great help if I could try finding some related journal publications. Due to the… more obscure… nature of the areas of study I’m also interested in any “less formal” (see: ezines, blogs, mailing lists) research that may relate.

read more...

Cracking Local Passwords

For a Network Security Class we were asked to prepare a brief document describing techniques used to crack both Windows LM hashes and Linux Shadow Hashes.

Though covered to death elsewhere I figured I might post it here anyway, just for kicks.

Enjoy!

read more...

Data recovery with Foremost

Recently while traveling in Cuba I had the unfortunate luck to have an entire weeks worth of photos inadvertently deleted off of my digital camera’s memory card. These photos were obviously not something I could have recreated and I hadn’t yet been able to copy them off of the card onto the computer. Was all lost? No! By employing some basic computer forensics skills and some Linux kung-fu I was able to recover ALL of the lost photos.

read more...