• PicoCTF 2018 writeup: A Simple Question

    Here’s a walkthrough of my approximate solution path for the problem “A Simple Question” in PicoCTF 2018. This was a fun problem about nontrivial but not particularly advanced SQL injection. There are probably many other good resources on better techniques than those presented here - I am not an avid CTF player, only dabbling in it a little from time to time - but I hope this can serve as a guide for taking the first steps beyond the bare basics of SQL injection.

    Read more
  • Build log: The "Crazy Circuit Conundrum" for Midnight Sun CTF

    My friend Calle Svensson (@ZetaTwo) recently arranged the Midnight Sun CTF, and wanted to include a challenge about reverse-engineering a custom low-level logic circuit. He asked me to help, since I have tinkered with just that a bunch lately, and I was very happy to. The result of this became the “Crazy Circuit Conundrum” challenge, and in this post I’ll tell the story of this challenge came to be. This obviously included a bunch of soldering and PCB design, but also some brief Boolean logic reasoning and algorithm design, and of course some mistakes.

    Read more
  • This UUID is mine

    I, Emil Lundberg, hereby at the time 2017-05-15T12:57:11+02:00 claim this UUID as an identifier for my person:

    Read more
  • Musings on data, formats and types

    Lately I’ve been attending a study group on learning the Clojure programming language, and with me being a firm believer in statically typed languages there have of course been some discussions of the virtues of statically versus dynamically typed languages. Thinking of it on my way home tonight, I came to think that perhaps it’s not really that much about static versus dynamic types, but rather about documenting the format of data. I would like to expand on this topic in this post.

    Read more
  • Would you ask a man that question?

    Consider this scenario: You’re interviewing a man about his hobby building robots. Would you in this interview ask him a question like “What do you think is your sexiest quality?”

    Read more
  • Project Fulla: Crypto utility USB key - Part 3: Automation

    In the last few posts I’ve shown how to make a USB key for use as an encrypted gateway to unlocking and booting a Linux system. While the setup works, there are a few steps left that could be automated. Wouldn’t it be nice to have everything set up to just update itself without manual intervention on every kernel update?

    Read more
  • Project Fulla: Crypto utility USB key - Part 2: Crypto setup

    In the last post I showed how to set up an encrypted - including /boot - Arch Linux system on a USB drive. In this post I will show how to also set up this same USB drive for use as a “keyring” holding detached LUKS headers and boot files for other machines.

    Read more
  • Project Fulla: Crypto utility USB key - Part 1: Preparation

    For the last couple of years, I’ve carried a couple of USB drives with me: one with a LUKS encrypted volume holding GPG keys, an Arch Linux LiveUSB system and some other useful things, and one holding the /boot partition and LUKS header for decrypting and booting up my laptop. I’ve been meaning to merge the two into one, and finally got around to doing it. This post is the first in a series of three where I will lay out what I wanted to do, and how I did it.

    Read more
  • How to load styles from NPM modules using Webpack

    I spent some time figuring out how to load Bootstrap styles from node_modules in a Webpack build, so here’s how I finally got it to work. The demo project used here is available on GitHub with a step-by-step walkthrough of the changes.

    Read more
  • Stegosaurus: Stupid simple steganography

    Today I managed to nerd snipe myself with steganography, so I threw a little webapp together that wraps steghide with a Node.js HTTP server. It’s just a simple proof of concept, so don’t use it for anything actually important.

    Read more
  • Adresserad casinoreklam

    Idag fick jag ett brev på samma format som sådana där brev med bankkoder, skattebesked och sånt - dubbelvikt med färgad utsida och en perforerad remsa runt tre kanter som en ska dra av. Det visade sig vara reklam för ett casino, eller en “värdecheck” som de kallade det. Jag skummade igenom Marknadsföringslagen, och tyvärr verkar det inte vara olagligt eftersom det kom med snigelpost och inte e-post.

    Read more
  • MATLAB N-D arrays are terrible

    Today I tried to do something like this in MATLAB:

    Read more

subscribe via RSS