Parsia's Den

Because no one wants to be the other guy from Wham!

Jul 26, 2015 - 3 minute read - Comments - Octopress Not Security

Image Popup and Octopress

Update: I have migrated the blog to Hugo and I do not use this anymore. However, it is still in the repository.

I finally realized that I need an image popup plugin. The image plugins that I usually use do not support this. They are fine for normal images but not for larger ones. When I see a screenshot of a tool, I want to be able to zoom in. In my quest I looked at a few plugins and methods and finally decided to use https://github.com/ctdk/octopress-image-popup. It creates resized thumbnails automatically and the installation procedure is short and simple.

However, it did not work for me out of the box. I created a test post with just an image and while the plugin worked, there are things that I did not like about it.

Jan 6, 2015 - 27 minute read - Comments - Crypto Reverse Engineering

Tales from the Crypt(o) - Leaking AES Keys

This post is part one of a two part internal blog entry on creating a Pintool for an assessment. Unfortunately I cannot talk about it, so I decided to put the first part out. If I find an opensource program similar to the assessment I will try and recreate the tool (but I am not holding my breath). As this part is essentially a build up, it may not be coherent at times. Alternatively, if you really want to read it, you can join us. We are almost always hiring (let me do the referral though ;).

Today we are going to talk about discovering encryption keys in sneaky ways. We will start with simple examples, do a bit of Digital Forensics or DF (for low standards of DF) and finally in part two we will use our recently acquired knowledge of Pintool to do [redacted].

First let’s talk a bit about the inner-workings of AES decryption. By inner-workings of AES I do not mean the following diagrams that you have seen so many times.

Dec 8, 2014 - 11 minute read - Comments - Reverse Engineering

Pin Adventures - Chapter 1 - PinSolver Mk1

While writing the writeups for the Flare On Challenge 6 I came upon an alternative solution by @gaasedelen to use the number of executed instructions as a side-channel. Recently during an engagement I used Pintool to do [redacted]. Now that I have a bit of time, I decided to use the idea to write such a tool.

As an example, we will use a C program that checks input for a hardcoded value using strncmp. We want to see if it’s vulnerable to this side-channel (number of executed instructions).

Nov 18, 2014 - 2 minute read - Comments - Memory Forensics

Building memfetch on Kali + Comments

I’ve used Disqus to add comments. At the moment, guests can comment and comments do not need to be approved (unless they have links). Hopefully there won’t be much spam to sink the occasional comment that I think will be posted.

Note: I just wanted to make it work in a hurry. There are probably better ways of doing this.

I stumbled upon the very useful tool memfetch by the talented lcamtuf. The utility is quite old (from 2003 if I recall correctly) and I could not build it using the provided makefile.

Sep 23, 2014 - 78 minute read - Comments - Reverse Engineering

My Adventure with Fireeye FLARE Challenge

These are my (rather long) solutions to Fireeye’s FLARE challenge. This is not just the solution but also the other ways that I tried. This was a great learning experience for me so I am writing this post to document everything I tried. As a result, this post is somewhat long.

If you have any feedback, please let me know. I spent a lot of time on this writeup and I am always happy to learn new stuff. My email and twitter handle are in the sidebar.

I am a bit late to the party. There were two, and are now three, other solutions posted (that I know of). Check them out.

Sep 21, 2014 - 1 minute read - Comments - Malware Adventure

Malware Adventure

I finally caved in and started to push some of my code to github bitbucket. It is located at https://bitbucket.org/parsiya and is almost empty ;). This is Malware Adventure. It’s a small adventure game I wrote using PAWS. PAWS is Python Adventure Writing System by Roger Plowman. Get it from http://home.fuse.net/wolfonenet/PAWS.htm. It’s great. The game itself is a Python program. You define objects which can be rooms, items etc. You can read more about it in the readme file at https://bitbucket.