OPSXCQ Blog
https://strm.sh/
Recent content on OPSXCQ BlogHugo -- gohugo.ioen-usSat, 10 Nov 2018 00:00:00 +0000Abusing insecure docker deployments
https://strm.sh/post/abusing-insecure-docker-deployments/
Sat, 10 Nov 2018 00:00:00 +0000https://strm.sh/post/abusing-insecure-docker-deployments/Is possible to abuse and escape from containers in several scenarios, in this post I will explore the most basic one: abusing the docker socket to escape the container and run code as root in the host machine.
Table of Contents
Lab setup Attack Information gathering Getting access Escalating privileges Lab setup Since we will be using containers, you have to install docker to be able to run this lab.Bitcoin address generation in pure python
https://strm.sh/post/bitcoin-address-generation/
Fri, 14 Sep 2018 20:19:50 +0000https://strm.sh/post/bitcoin-address-generation/Bitcoin address generation can be split in 4 steps listed bellow:
Generating a secure private key. Calculate the public key from the private key. Encode the public key as a bitcoin address. Encode the private key in the WIF format. Step 1: Generate ECDSA Keypair The very first step is to select a good and secure number, for this example we won’t use one, instead we will simply get the random from the system.Running Cron tasks on docker - The correct way
https://strm.sh/post/cron-tasks-inside-docker/
Thu, 06 Sep 2018 19:22:38 +0000https://strm.sh/post/cron-tasks-inside-docker/While is perfectly possible to use cron inside a container, I strongly advise you to don’t do it. Some of the most important points on why is a bad practice to run cron inside a container:
Your tasks need to be ephemeral as your containers We live in the immutable infrastructure era, there is no need to worry about cleaning up everything before or after your tasks run. Make your scheduled tasks ephemeral as your containers, if something goes wrong, you can inspect the precise state that the container was left.Bitcoin transaction nonce reuse vulnerability
https://strm.sh/post/bitcoin-transaction-nonce-reuse/
Thu, 09 Aug 2018 00:00:00 +0000https://strm.sh/post/bitcoin-transaction-nonce-reuse/This post aims to analyse an attack against the Bitcoin, in this attack were Found 123 vulnerable transactions and 416 private keys were recovered summing up 26.85729198 btcs (2685729198 satoshis) could have been compromised, which at this exact moment worth 166,219.51 dollars.
Cryptographic concept of the attack When the nonce is reused it become vulnerable and result in a trivial equation to be solved.
$$ Key=((r \times (s_1 - s_2))^{p - 2} \mod{p}) \times ((m_1 \times s_2) - (m_2 \times s_1)) \mod{p} $$Linear Programming
https://strm.sh/post/linear-programming/
Sun, 29 Jul 2018 00:00:00 +0000https://strm.sh/post/linear-programming/Linear programming is a mathematical method to achieve the best result for a given problem. This problem is expressed through a mathematical model which represents the real world problem. Also called linear optimization because of it’s essence to optimize a linear objective function.
In other words, linear programming aim to find the optimal input value for the function, value which will also be the optimal solution for the problem. Usually linear optimization is a good method to solve assignment problems which are a fundamental kind of combinatorial optimization problems.