Adam Doupé

Associate Professor, Arizona State University
Director, Center for Cybersecurity and Trusted Foundations

Simple Bash Function: SSH and Keep Same Directory

| Comments

Here’s a quick Bash function that I whipped up to SSH into a server and keep the same directory. The use case for me is that I have a Dropbox shared between my laptop and server. Sometimes I need to run something (experiment, code, whatever) on the server. It was becoming annoying to ssh and then cd to the correct directory.

I call this function sshere (ssh here):

Feel free to use, steal, or adapt to your needs.

picoCTF Preparations

| Comments

Getting Started

picoCTF is an awesome hacking competition aimed at High School students. The great guys at CMU and PPP are putting on this innovative competition. I had some High School students ask for pointers to prepare for the picoCTF. I invited them to our weekly hacking group and talked about the hacking mindset and basic tools. They amazed me with their knowledge—I was cutting my teeth on TI-83 BASIC programming in math class when I was their age.

What follows are my notes on the lecture I gave and the discussion that we had. I hope other young hackers find these resources useful while preparing for picoCTF.

Hacker Mindset

First and foremost, we need to understand how the hacker thinks. How should you think when you’re trying to break a program?

Some Classic Literature Recommendations

| Comments

Recently, a friend asked me to recommend some classic English books for him. He’s Persian and was born in Iran, so it was fun to give him some of my favorite american books. I decided to put that list here in case you’re looking for a book to read.

Catch-22

One of the funniest books I’ve ever read. About WWII and it’s sad and funny at the same time.

A Confederacy of Dunces

The funniest book I’ve ever read. Captures the spirit of New Orleans and the characters are outlandish. Plus the book was published after the author committed suicide, so the whole book’s got a sad tinge.

Overview of Execution After Redirect Web Application Vulnerabilities

| Comments

Hi all, I’m here to talk about a little known web vulnerability that Bryce Boe already touched on. Execution After Redirects are logic flaws in web applications that can lead to Information Disclosure and Broken Access Controls.

What’s an EAR?

Well, an Execution After Redirect (EAR) flaw is when a developer causes an HTTP redirect to occur, typically via a web framework. The developer assumes that execution stops after the redirect, however, execution continues.

Paper Review: Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications.

| Comments

What is this?

In an effort to improve my writing and analysis skills, I’m going to review papers using less than 500 words. This is my first attempt.

Overview

Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications is a paper written by Davide Balzarotti et. al., and was published at the IEEE Symposium on Security and Privacy in 2008.

Compiling Jpcap on 64-bit Ubuntu 10.10

| Comments

Why?

While learning more about clojure, I wanted to do some network sniffing. Following a guide to raw traffic in clojure I needed to install jpcap in order to use libpcap from java.

Jpcap doesn’t provide a 64-bit version so I had to compile my own. Here’s the documentation of how I did it. A patch is provided at the end of the post.

Compiling jpcap 0.7 on 64-bit Ubuntu 10.10

  1. First install sun java on ubuntu 10.10

Configuring Linux Bridge to Act as a Hub

| Comments

So after struggling for a while with this, the answer is surprisingly simple.

For a bridge that you've created with brctl, you can use this simple command:

brctl setageing <bridgename> 0


This command tells Linux to forget every MAC address that it sees on
the bridge, making it act as a hub.

Here's the source.