ctf/hackathon

HackTheBox 0ld_is_g0ld Write-up

Dominik Muhs

0ld_is_g0ld is a HackTheBox challenge and a great way for beginners to familiarize themselves with PDF password cracking. If you have used Hashcat before, it's an easy win. Verifying we indeed are targeting the correct file format: $ file 0ld\ is\ g0ld.pdf 0ld is g0ld.pdf: PDF document, version 1.6 We can extract the hash using… Continue reading HackTheBox 0ld_is_g0ld Write-up

software engineering

The Thing about Mutable Default Arguments in Python

Dominik Muhs

Yesterday I stumbled across some code like this… def search_children(statespace, node, start_index=0, depth=0, results=[]): if depth < MAX_SEARCH_DEPTH: n_states = len(node.states) if n_states > start_index: for j in range(start_index, n_states): if node.states[j].get_current_instruction()['opcode'] == 'SSTORE': results.append(node.states[j].get_current_instruction()['address']) ... The semantics of the code don’t really matter here. Still spot the bug? It’s a very common Python gotcha… Continue reading The Thing about Mutable Default Arguments in Python

software engineering

Low-level Debugging of Stubborn Docker Containers

Dominik Muhs

A few weeks back I have started contributing to the awesome Mythril project. Mythril is a security scanner for smart contracts that allows everyone to look for vulnerabilities on- and off-chain by being able to analyze raw smart contract code, as well as the actual Solidity code file. To make setting it up more easy,… Continue reading Low-level Debugging of Stubborn Docker Containers

software engineering

Quick Hack: Generating PDFs with Python and XeTeX

Dominik Muhs

A friend of mine is following a PhD in a non-technical field. And his boss is a bully. Work mainly happens with high-level statistical analysis tools. No one knows anything about programming and most problems are solved by hand. While on a positive note this means good chances to get a student job, it also… Continue reading Quick Hack: Generating PDFs with Python and XeTeX

software engineering

Converting MySQL Table Data to a Graphml File

Dominik Muhs

I recently found myself in the situation where I was given access to a huge MySQL database that contained network traffic flows and IDS signature match data. As I work a lot with graph-based approaches, I needed to convert the table’s flow data into a graphml file for later visualization and analysis with scripts I… Continue reading Converting MySQL Table Data to a Graphml File

software engineering

Parsing KMZ Track Data in Python

Dominik Muhs

A few days back I stumbled across an interesting problem. I was asked to develop a solution that was doing some analysis work on geolocation data stored in KMZ format. Existing solutions like fastkml (64KB) and pykml (42KB) seemed nice at the first glance, proved to be unnecessary overhead, however. They’re mostly meant to manipulate… Continue reading Parsing KMZ Track Data in Python

software engineering

Visualizing IP Network Graphs in Python

Dominik Muhs

For some research on botnet host detection in large-scale networks, I found myself in the situation that I had to apply a set of algorithms to a huge packet dump. To comprehend an amazing paper, I started to play around with the dataset and tried to reproduce the results presented in the whitepaper. Quickly I… Continue reading Visualizing IP Network Graphs in Python

software engineering

Code Checking with Git Hooks and Flake8

Dominik Muhs

We all have that special someone in our life. Someone who dares to commit and push something like this into the master-branch: import math, os, sys def test_function(one, two, three, four, five): from test.utils import * print x; print y if two==three and (four!=five or one!=three) and (sqrt(four)==two or sqrt(two)==one): return math.ldexp( one, two )… Continue reading Code Checking with Git Hooks and Flake8