VirtualTam's bookmarks

1. Breaking CityHash64, MurmurHash2/3, wyhash, and more... 2024-11-03

   tags: cryptography/hash, programming/c++

   [ permalink ]

   • Hash-flooding DoS reloaded: attacks and defenses (PDF)
2. Home Assistant Config - War Safety 2024-05-29

   tags: country/russia, country/ukraine, map, programming/python, smart-home/home-assistant, war

   [ permalink ]

   This is what war in the 21st century looks like: you can practically monitor a missile or a drone that is trying to kill you right from your phone. This is like a Black Mirror episode in real life.

   • Home Assistant helps me survive during missile and drone attacks. Here is how.
   • denysdovhan/home-assistant-config
   • Home Assistant Integrations - Ukraine Alarm
   • Air Raid Alert Map of Ukraine
3. Crowdsec - Curated Threat Intelligence Powered by the Crowd 2024-05-29

   tags: bsd, linux/iptables, network/firewall, observability/logging, programming/go

   [ permalink ]

   • crowdsecurity/crowdsec
   • Documentation
     • Docker / Podman Deployment
     • Data Sources
     • Parsers
     • Configuration
     • Observability / Prometheus
     • OpenAPI Specification
   • Blog
     • Building a Network for Small Businesses Part 1: Hardware
     • Building a Network for Small Businesses Part 2: Running Configurations
     • Building a Network for Small Businesses Part 3: Attack Scenarios
   • Discussion on HN (2020)
4. Cloudflare Research | OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks 2022-07-12

   tags: cryptography/encryption, security/authentication, security/password

   [ permalink ]

   • https://blog.cloudflare.com/opaque-oblivious-passwords/
   • OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks
   • https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-opaque
   • https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/
5. What is "AWS Security Scanner" in my server logs? 2020-07-31

   tags: cloud/aws, network, security

   [ permalink ]

   • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
   • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
   • https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html
   • https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
   • https://aws.amazon.com/blogs/aws/new-host-based-routing-support-for-aws-application-load-balancers/
   • https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/
   • https://www.reddit.com/r/aws/comments/e18e5n/botexploit_what_is_this_trying_to_do_and_how
   • https://www.reddit.com/r/aws/comments/e18e5n/botexploit_what_is_this_trying_to_do_and_how/f8qympp/
   • https://forums.aws.amazon.com/thread.jspa?threadID=316889
   • https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
   • https://www.wired.com/story/capital-one-paige-thompson-case-hacking-spree/
   • https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
   • https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/
   • http://www.thecloudavenue.com/2019/08/how-capital-one-hack-was-achieved-in-aws.html
   • http://www.thecloudavenue.com/2019/11/changes-to-aws-ec2-instance-metadata-service.html
6. Login throttling in PHP 2019-01-18

   tags: bruteforce, ddos, programming/php, security, security/authentication, web

   [ permalink ]

   • http://www.omniceps.com/stop-brute-force-attacks-php-throttling/
   • http://miftyisbored.com/a-complete-tutorial-on-login-throttling-and-recaptha-with-laravel-5-3/
   • https://mattstauffer.com/blog/login-throttling-in-laravel-5.1/
   • http://codedevelopr.com/articles/throttle-user-login-attempts-in-php/
   • https://stackoverflow.com/questions/9153554/best-way-to-implement-ban-after-too-many-login-attempts
   • https://stackoverflow.com/questions/2090910/how-can-i-throttle-user-login-attempts-in-php
   • https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication#477585
7. Project Wycheproof tests crypto libraries against known attacks 2019-01-17

   tags: cipher, cryptography, cryptography/encryption, programming/testing, security

   [ permalink ]

   • https://security.googleblog.com/2016/12/project-wycheproof.html
8. bettercap: The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks. 2018-12-26

   tags: bluetooth, network, pcap, security, traffic, wireless

   [ permalink ]

   • https://github.com/bettercap/bettercap/wiki
   • https://github.com/evilsocket/bleah
9. Netflix/chaosmonkey: Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures. 2018-03-26

   tags: chaos, infrastructure, netflix, quality, random, scaling, server

   [ permalink ]

   • https://github.com/Netflix/SimianArmy
   • https://arstechnica.com/information-technology/2012/07/netflix-attacks-own-network-with-chaos-monkey-and-now-you-can-too/
   • https://medium.com/netflix-techblog/netflix-chaos-monkey-upgraded-1d679429be5d
   • https://medium.com/netflix-techblog/chaos-engineering-upgraded-878d341f15fa
   • https://en.wikipedia.org/wiki/Chaos_Monkey
10. Exploiting modern microarchitectures: Meltdown, Spectre, and other attacks 2018-02-05

    tags: hack, hardware, hardware/cpu, meltdown, memory, security, spectre

    [ permalink ]

    • https://fosdem.org/2018/interviews/jon-masters/
    • https://fosdem.org/2018/schedule/event/closing_keynote/
11. Meltdown and Spectre 2018-01-04

    tags: amd, arm, attack, google, hack, hardware, hardware/cpu, intel, memory, research, security

    [ permalink ]

    • https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
    • https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
    • https://www.reddit.com/r/linux/comments/7nybl1/meltdown_and_spectre/
    • https://www.reddit.com/r/linux/comments/7nzsih/intel_was_aware_of_the_chip_vulnerability_when/
    • https://www.reddit.com/r/linux/comments/7nyaku/todays_cpu_vulnerability_what_you_need_to_know/

    Exploits:

    • https://github.com/IAIK/meltdown
12. SHAttered 2017-02-24

    tags: attack, checksum, collision, cryptography/hash, security, sha1, source-code-management/git

    [ permalink ]

    • https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
    • https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/
    • https://news.ycombinator.com/item?id=13719368
    • https://github.com/peff/git/commits/jk/sha1dc
    • https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL
13. Don't Starve | Survive! Collect! Attack! 2013-08-18

    tags: dontstarve, game, hardcore, sandbox, survival

    [ permalink ]

    Don't Starve: the classy, hardcore survival game! Among the obrscure forces that inhabit this strange world, how long will you stay alive?