Tag: python

ctf/hackathon

HackTheBox Registry Write-up

Dominik Muhs

Registry is a box rated at hard difficulty. There are quite a few steps involved, but with a bit of persistence and little experience with Docker internals (hint hint), it looks more daunting than it actually is. Let's go through the process of breaking in step by step! Out initial nmap scan is as unexciting… Continue reading HackTheBox Registry Write-up

web3

Construct Truffle Artifact Source Lists

Dominik Muhs

Photo by Andrea Piacquadio from Pexels This is a quick and dirty workaround for an issue that has been bugging me a lot. Truffle is one of the central, if not the most central development tool for building smart contracts on Ethereum to date. When compiling a Truffle project, the output is stored in build/contracts by default. An… Continue reading Construct Truffle Artifact Source Lists

ctf/hackathon

HackTheBox Postman Write-up

Dominik Muhs

Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is few resistance on the inside. Let's start out by scanning the machine: # nmap -sS… Continue reading HackTheBox Postman Write-up

web3

The Web3 API has come to Python!

Dominik Muhs

Last week I received an email in my inbox about a hackathon hosted by the awesome folks over at Amberdata. They are a provider for on-chain data and cover a large variety of blockchains - including Ethereum, Bitcoin, and Stellar. I have met the developers in the team in late 2018 when I was looking… Continue reading The Web3 API has come to Python!

ctf/hackathon

The 36C3 Telnet Challenge (a.k.a. Cat CTF)

Dominik Muhs

This is a write-up from the 36th Chaos Communication Congress, 2019. It has been my fourth Congress. Timed shortly after Christmas, it feels like meeting a second kind of family after the holidays. Hackers from all over the world gather in Leipzig to celebrate the weirdness of our community, break technology, learn new things, and… Continue reading The 36C3 Telnet Challenge (a.k.a. Cat CTF)

software engineering

The Thing about Mutable Default Arguments in Python

Dominik Muhs

Yesterday I stumbled across some code like this… def search_children(statespace, node, start_index=0, depth=0, results=[]): if depth < MAX_SEARCH_DEPTH: n_states = len(node.states) if n_states > start_index: for j in range(start_index, n_states): if node.states[j].get_current_instruction()['opcode'] == 'SSTORE': results.append(node.states[j].get_current_instruction()['address']) ... The semantics of the code don’t really matter here. Still spot the bug? It’s a very common Python gotcha… Continue reading The Thing about Mutable Default Arguments in Python

software engineering

Quick Hack: Generating PDFs with Python and XeTeX

Dominik Muhs

A friend of mine is following a PhD in a non-technical field. And his boss is a bully. Work mainly happens with high-level statistical analysis tools. No one knows anything about programming and most problems are solved by hand. While on a positive note this means good chances to get a student job, it also… Continue reading Quick Hack: Generating PDFs with Python and XeTeX

software engineering

Converting MySQL Table Data to a Graphml File

Dominik Muhs

I recently found myself in the situation where I was given access to a huge MySQL database that contained network traffic flows and IDS signature match data. As I work a lot with graph-based approaches, I needed to convert the table’s flow data into a graphml file for later visualization and analysis with scripts I… Continue reading Converting MySQL Table Data to a Graphml File