You can find the full source code for this tutorial in my GitHub repository.
Recently, I participated in a CTF that included a challenge on CBC bit flipping. I learnt about an interesting technique that allows the attacker to arbitrarily change the value of the decoded plaintext in a CBC block cipher.
Block ciphers such as AES encrypt blocks of text at a time, rather than encrypting one bit at a time as in stream ciphers.
In the Cipher Block Chaining (CBC) mode of operation, each plaintext block is XORed with the previous ciphertext block before being encrypted.
This article is inspired by the “X marks the spot” challenge in picoCTF 2021. For the solution to the challenge, skip to the ‘Exploitation’ section.
While SQL injections are one of the most common web application vulnerabilities, its less notorious twin can be equally, if not more dangerous.
XPath is a query language that locates elements in an XML document. Conceptually, it is similar to SQL. Most web applications use relational databases and SQL to store and query large amounts of data. …
Network Scanning is the process of gathering information about devices in a computer network, through employing network protocols. It is especially relevant for network administrators, penetration testers and, well… hackers.
You should know basic Python. Other than that, not much! I will be writing on some basic network theory before getting into the actual code, so if you already know this stuff, feel free to skip ahead!
All code for this tutorial can be found at my GitHub repository.
Communications over networks use what we call a protocol stack — building higher-level, more sophisticated conversations on top of simpler, more…
I’ve recently delved into the wonderful world of computer networking. One of the fun projects I’ve created is a simple chatroom application that facilitates real-time messaging between different clients.
At any point in this tutorial, you may refer to my source code in GitHub. The aim of this tutorial is to introduce some basic networking theory while providing practical socket programming experience. If, at any point, you find that you are already comfortable with the relevant theory, please feel free to skip ahead!
You should know basic Python. Other than that, nothing! In the process of creating this application, you…
I’m a fan of The Zen of Python, which says
There should be one — and preferably only one — obvious way to do it.
But in Python, there are in fact many ways to achieve the same objective. Of course, some ways are more elegant than others and in most cases, it should be obvious which way is better.
We are going to look at list comprehensions, and how they can replace for loops,
filter() to create powerful functionality within a single line of Python code.
Say I want to create a list of numbers from 1…
Time complexity: O(n²)
no_swaps = False
while no_swaps == False:
no_swaps = True
n = 0
for i in range(len(lst) - 1 - n):
if lst[i] > lst[i + 1]:
lst[i], lst[i + 1] = lst[i + 1], lst[i]
no_swaps = False
n += 1
This pandemic has taken a huge toll on my mental and emotional health. In order to keep me occupied and brighten up the lives of those around me, I started on yet another Python project — this time, a WhatsApp bot that sends me random cat pictures, trending memes, the best cooking recipes, and of course, the latest world news and COVID19 statistics.
A virtual environment is an isolated Python environment. Working on a project in an isolated Python environment ensures that project dependencies are kept separate, and allows you to manage Python packages for different projects without breaking system tools or other projects.
For example, if both projects A and B depend on the same library, project C, but use different versions of it, Python would not be able to serve both versions of the library.
We can use virtual environments for projects A and B, and each virtual environment would be able to use their own version of project C without…
Simple is better than complex. Complex is better than complicated.