Artificial truth
archives
|
latest
|
homepage
The more you see, the less you believe.
2023
September
Paper notes: Breaking Bad: Quantifying the Addiction of Web Elements to JavaScript
Snuffleupagus 0.10.0 - Babar the Elephant
Some notes on "Randomized slab caches for kmalloc()"
Making use of pygments' filters with Pelican
August
Book review: Hacks, Leaks, and Revelations
mat2 0.13.4
A sneaky Golang bug
July
Bootloop with a RTX 4070 on Debian with GNOME
Donation campaign 2023 for Nos Oignons
Paper notes - Reversing Anti-Cheat's Detection-Generation Cycle With Configurable Hallucinations
June
Book review: Applied Math for Security
Aperture Science wishes you a great pride month
May
Benchmarking memory allocators at BlackAlps 2022
OTR AKE in Verifpal
Snap inside of proxmox' lxc containers
April
Automatically add trackers to torrents in transmission-remote
Hunting stalkerware, one year later
March
How to rotate OpenSSH keys
Paper review: Intel's Advanced Threat Research Innovation Data Fortify
How to throw your ebook library at ipfs
February
Musings on the security fixes from SPIP 4.1.8
January
mat2 0.13.1
Snuffleupagus 0.9.0 - Elephant seal
The quest for a family-friendly password manager
2022
December
2022 in retrospect
Paper Notes: FineIBT
November
Helix as a glorious modern vim
VNV Nation - Noire
October
Using a Chromebook at work
Paper notes - Chosen-Instruction Attack Against Commercial Code Virtualization Obfuscators
September
Obscura - A Valediction Tour
Paper notes: Midas: Systematic Kernel TOCTTOU Protection
August
Snuffleupagus 0.8.3 - Elephant Gambit
July
mat2 0.13.0
June
Big Bird: killing sqli with graph homomorphisms
Greenfield festival 2022
May
Snuffleupagus 0.8.0 - Woolly Mammoth
April
mat2 0.12.4
Horrible edge cases to consider when dealing with music
March
An abridged History of painting with metal album covers
Lightweight post-exploitation hardening in PHP via call-site freezing and ghetto-CFI with Snuffleupagus
February
Loss of network in Proxmox VE 7 upon reboot
Installing Discord on Debian testing/bookworm
Secure boot on a Thinkpad x230 on Debian and a cursory look at UEFI
A pragmatic non-technical view on the GDPR
Snailmageddon - Swansong for a Snail
January
Grsecurity versus CVE-2021-4034
Using hardened_malloc in Alpine Linux
Running a wargame and sleeping well at night
mat2 0.12.3
2021
December
2021 in retrospect
Performance comparison between isoalloc 1.0.0 and 1.1.0
"Fixing" iwlwifi 0000:03:00.0: Failed to run INIT ucode: -5
Reproducing Tails with rebuilderd
Glitch effect on text in pure css
November
uBlock rules to make twitter bearable
Ten years of MAT
October
Paper notes: SiliFuzz
Playing with Weggli
Malwarebytes' privacy VPN is Mullvad in a shady trenchcoat
Paper notes - Clean the Scratch Registers: A Way to Mitigate Return-Oriented Programming Attacks
September
The medium-term future of Snuffleupagus
August
mat2 0.12.2
Archiving grsecurity and PaX patches
Snuffleupagus 0.7.1 - Proboscideans
July
Disabling 128 bits ciphers on TLS1.3 on nginx
Running tailscale inside of a proxmox container
June
Finding bugs in OpenMW with AFL++ and honggfuzz
May
Fixing "Access forbidden State token does not match" on Nextcloud's Android client
The web browser I'm dreaming of
Highlighting inline PHP code in Pelican
Detecting and annoying Burp users
April
Virtual patching CVE-2021-29447 with Snuffleupagus
WTF FSF
Black Void Cult - Dysphoria
Book review: Crypto Dictionary
March
mat2 0.12.1
Paper notes - Exploitation and Sanitization of Hidden Data in PDF files
Navidrome is accepted in the GSoC 2021
Spectre exploits in the "wild"
February
My writing-code-from-home setup
Debugging an issue between Snuffleupagus and Composer
Porting Snuffleupagus to PHP8
January
Put Signal in your systray on Linux
What remains of Edith Finch
Paper review: Statistical and Combinatorial Analysis of the TOR Routing Protocol
Aquynh's conferencewares
Snuffleupagus 0.7.0 - Los Elefantes
2020
December
2020 in retrospect
mat2 0.12.0
Forcing audio output through a single device on Windows
PHP8, from a security point of view
November
Reven workshop
Disable yubikey autotyping
Snuffleupagus 0.6.0 - Elephant in the room
Security features of musl
Arcane Dimension 1.80
October
Bâ'a - Deus qui non mentitur
AttributeError: 'NoneType' object has no attribute 'cancel' with Calibre
September
On the pervasive presence of military language elements in computer security
Navidrome, a self-hosted jukebox that sucks even less
August
Making dokuwiki's davcal plugin work with Dokuwiki Hogfather
Time to sunset OTR
Edgerouter-X-SFP and fiber at home
July
Snuffleupagus versus recent high-profile vulnerabilities, again!
Tor's IPv6 exit policy idiosyncrasy
June
Snuffleupagus 0.5.1 - Order of the Elephant
Decompressing a multi-stream zlib archive in Python
May
What about something like letsencrypt and ACME, but for bugs?
I won't buy ebooks anymore
April
On defining adult content on the web and Cloudflare
Error loading shared library ld-linux-x86-64.so.2: on Alpine Linux
Mill's formula
March
Airsonic, a self-hosted jukebox that sucks less
Wireguard and forward secrecy for clients
February
Fuzzing python in Python, and doing it fast
MAT2 0.10.1
January
Shrine, a doom2 mod
Friends don't let friends write production software in Python
2019
December
2019 in retrospect
MAT2 0.10.0
November
Metadata on an escort website
Some notes about the exploitation of CVE-2017-8295
October
On reducing the bus factor, school rant edition
Book review: Real World Bug Hunting
September
Nos Oignons at BSides Zürich 2019
Radare2, IDA Pro, and Binary ninja, a metaphoric comparison
Making Ultrasonic work with Airsonic on Java 11
August
Excerpt of a PHP debugging session while working on Snuffleupagus
A short tale on PHP's dns_get_record
July
Cleaning up your gpg keyring after the SKS debacle
On Facebook's pictures watermarking
Snuffleupagus versus recent high-profile vulnerabilities
June
Fixing DMAR: DRHD: handling fault status reg 2 on a thinkpad x230
Snuffleupagus 0.5.0 - Elephant Flats
May
MAT2 0.9.0
On rock climbing and C pointers
April
Obscura - Cosmogenesis
IDA Pro 7+ on Wine
March
Implementing an `eval` allow/blocklist in Snuffleupagus
GDPR complaint email template
Parkway drive
February
MAT2 0.8.0
Fixing snuffleupagus' sloppy-comparison on array_keys for PHP7.4
MAT2 0.7.0
mat2 for the web
January
Making snuffleupagus run on Alpine Linux
Paper notes - Evaluating the effectiveness of current anti-ROP defenses
Intended solutions for 35c3ctf 2018 web "php"
2018
December
2018 in retrospect
Snuffleupagus 0.4.1 - Loxodonta
Adult content on a balkanized web
Paper notes - Block Oriented Programming: Automating Data-Only Attacks
November
MAT2 0.6.0
Donation campaign 2018 for Nos oignons
October
MAT2 0.5.0
Arcane Dimension
Debunking "OSINT Analysis of the TOR Foundation" and a few words about Tor's directory authorities
MAT2 0.4.0
September
Mozilla is still screwing around with privacy in Firefox
Recycling wargames/ctf challenges into papers and Blackhat talks
IDAPython vs. r2pipe
Snuffleupagus 0.4.0 - Oliphant Chuckerbutty
August
Snuffleupagus 0.3.1 - Elephant Arch
MAT2 0.3.0
Diabolus Ex
July
Snuffleupagus 0.3.0 - Dentalium elephantinum
Stare into the lights my pretties
Odds of N random integers not having a common divisor
June
Exploring the Tor dataset with Metabase
Powerwolf at the Download festival
MAT is dead, long live MAT2
May
Mind your keyspace, $airport
We should go to the r2con together, again
Book review - Serious cryptography
April
Confusing Burp's display with fake encoding
Paper notes: Measuring and disrupting anti-adblockers using differential execution analysis
Paper notes: Position-independent Code Reuse
March
Paper notes: return-to-csu: A New Method to Bypass 64-bit Linux ASLR
Snuffleupagus 0.2.2 - Elephant Moraine
Tails aux journées FedeRez 2018
Radare2 is accepted in the Google Summer of Code 2018
February
Paper notes: Towards generic deobfuscation of Windows API calls
Snuffleupagus 0.2.1 - Elephant Point
Ghetto recursive payload in the Burp Intruder
January
Unbound doesn't start on Ubuntu 17.10
Snuffleupagus 0.2.0 - Elephant Rally
Tails 3.4 reproductible build
Lightweight and sexy status bar in vim
2017
December
2017 in retrospect
First release of Snuffleupagus
Paper notes - Spinner: Semi-Automatic Detection of Pinning without Hostname Verification
Accounting for the simple minds with plain text accounting
November
Solving game2 from the badge of Black Alps 2017 with radare2
A headphone for work and travel
October
Snuffleupagus at the hack.lu 2017
You're not a terrorist? Who cares.
Paper notes: Breaking the x86 ISA
September
Defeating IOLI with radare2 in 2017
Paper notes - Code-Reuse Attacks for the Web
August
Please try to build Tails reproducibly
Within the Ruins
Let's go back r2con together
July
A few (lame) post-compromission Suhosin workarounds
Solving OpenVPN authentication failure on Debian Buster
June
Nginx and php scripts that are using the path as argument
Wolfendoom - Blade of agony
Killing php bug classes at berlinsides
May
Cloning my noralsy home badge
April
Playing with the acusensor
March
In Flames
Removing the "Unlocked bootloader" message from the Moto G (falcon)
Solving "warning: Probes-based dynamic linker interface failed." in GDB
February
The Boston Key Party 2017
Firefox own linker on Android
2016
December
2016 in retrospect
Browsing php's source code with woboq's code browser
November
Radare2 at the Grehack 2016
A simple multiports VPN with ferm and OpenVPN
October
MAT is currently on hold
OTR, le chat chiffré garanti sans traîtrise
Sending emails with php inside a chroot
September
Serving utf8 text files with nginx
Defeating crp-'s collide with radare2
August
Lets go to r2con together
July
websec.fr
My Tails talk at the Nuit du Hack 2016
June
From LFI to RCE in php
May
Super-quick review of the openelec box
April
Proof of Fermat's sandwich
March
Expected solution for "Jit in my pants" (Boston key party 2016)
February
Using modsecurity from Python
Hardening Proxmox against physical attacks
January
Solving "failed to store changes into journal (invalid parameter)" with knot
Observium on Alpine Linux
How to radare2 a fake openssh exploit
2015
December
2015 in retrospect
Mat 0.6
Android encryption's resistance against bruteforce, explain it like I'm five
Cyanogen reboot without encrypting the phone
I'm scared
November
Continuous integration for MAT
Exploiting exp200 from Defcamp 2015 finals with radare2
Reversing re200 from Defcamp (D-CTF) final 2015 with radare2
Writing a simple extension/backdoor for Magento
October
Pwning Stackstuff (pwning 150) from hacklu 2015
Nos-Oignons, behind the scene with the adminsys team
Ditching Bind9 for Unbound and Knot
Anne Frank et le domaine public
September
Using the right tools as non-technical people
zpool: undefined symbol: get_system_hostid
Analyse rapide de l'extension anti-phishing pour Firefox du Credit-Mutuel
August
Pwning exploit400 from the Nullcon 2014 CTF with radare2
Pwning sushi from BSides Vancouver CTF with radare2
Cleaning PDF metadata in depth
Defeating the RECon's movfuscator crackme
I've got a new gpg key
July
Anonymous voice communication with Mumble
Forseti
Firefox, you're supposed to be in my pocket, not the other way around.
Data exfiltration via Google cache
June
recon2015, the aftermath
The POOP 2015
Back from berlinside
May
Fighting the idea that torture is justifiable
I'm not really parallelisable
REcon 2015
EAP-PWD - Wifi security done right
April
Exploiting ezhp (pwn200) from PlaidCTF 2014 with radare2
I gave a talk at Telecom SudParis
March
Type your web-application parameters with naxsi
Boston Key party 2015
NoScript script-disabled bypass PoC for Tails 1.3
February
MIN and MAX macro considered harmful
How to bypass Nordnet's internet quota
January
Running Skype in docker
Ditching vim
Improvement of this blog
Social Millionaire's Protocol in OTR
Shoot-out to TransIP
2014
December
2014 in retrospect
Exploiting Zengarden (Boston Key Party 2014, pwn300) with radare2
Conference about ipv6 at the UTBM
November
No Such Con 2014
Extension EXT_texture_compression_s3tc not supported
Rue du commerce est navrant de bêtise.
October
Debugging ROP like a pro
Hack.lu 2014
September
My talks in 2014
August
Anatomy of a shitty crack
Torbundlebrowser.org
PwniumCTF 2014 - kernel (150) with radare2
Ghost - Infestissumam
July
Some funny stories about metadata
Non-zero wait status: 139 with libtap
Tails Hackfest
June
PSES 2014
Tor talk at the UTBM
Chocolate cakes and free software
April
Nuit du Hack 2014 Quals
Nuit du Hack 2014 Quals - Big Momma (misc 200)
Nuit du Hack 2014 Quals - Titanoreine (web 300)
Nuit du Hack 2014 Quals - Windows Forensic (forensic 200)
Nuit du Hack 2014 Quals - Onions rings (misc 150)
Nuit du Hack 2014 Quals - Another One (crypto 300)
My first CVE
March
Don't even try firstheberg
uniqid in php is not even remotely funny
Cracking 10.000 hashes
Proxmox without Java
February
PEiD to Yara, now with Python3!
Defeating ESET2013 - Malware Analyst
Pasthis - A stupid simple pastebin
January
Why you should not use MyCryptoChat
Memory debugging under Windows with drmemory
2013
December
For good
Arcturus
Jitsi: a viable replacement to Skype
November
Defeating crackme03 with radare2
October
Visualising gpg web of trust with python
Mat 0.4
Thoughs on mat's accessibility
My zsh configuration
September
regsvr32 returns 0x80070005
Ova to vmx
August
London
Defeating ioli with radare2
Defeating crp-'s bf with radare2
Defeating crp-'s 888 with radare2
July
Malware in exif
1802: Unauthorized network card is plugged in - Power off and remove the miniPCI network card on X31
Mat 0.4-rc
June
ndh2013 - crackmeimfamous
About ctime and mtime
May
Dumping non-readable binaries
Feed binary stdin from inside gdb
New blog
Reversing of cdorked.A
chapro.A source code
April
0x1d01ebcc
Embed image into a gtk application
March
Deploying dnssec with bind 9.8.0
February
Grsec and grub
January
Labyrinth
Screwing elf header for fun and profit
Mat 0.3.4
2012
December
Defeating Thellurik
Reversing of chapro.A
Elegant xor encryption in Python
A nice evening at Hackgyver with r00tBSD
vim + packet manager = Vundle
November
Absolute value in asm
Fun with python
October
From apache to nginx
September
Pimp my gdb with peda
quick reversing of Wirenet
August
Fun with LD_PRELOAD
Defeating lincrackme2
Defeating lincrackme3 with radare2
Defeating qcrk5
July
Detecting gdb with file descriptors
Fun with __attribute__
May
import cvs to sqlite with qt.
The Debian Administrator's Handbook
Mounting vdi
Autocongratulation
April
Nested enumerations in LaTeX
Arx Libertatis 1.0
MySQL and Qt under Windows
24h des iut informatique
March
mat 0.3.0
Musopen + Python = pymusopen
February
Some funny stuffs about pdf
Functional Python !
2011
August
End of the GSoC
April
Design of MAT and GSoC timeline