Kafka Experiments Feb 5, 2020 Hey everyone, Here is a small blog post regarding Kafka experiments and “foundations” I’ve started working on. I will also take the opportunity to thank Maxence S. (https://twitter.com/maxenceschmitt) for his precious help on this topic. Instantiating the Jungle! ZooKeeper and Kafka First off, I instantiated a Kafka (and ZooKeeper) instance: version: '2' services: zookeeper: image: wurstmeister/zookeeper:3.4.6 expose: - "2181" kafka: image: wurstmeister/kafka:2.11-2.0.0 depends_on: - zookeeper ports: - "9092:9092" environment: KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092 KAFKA_LISTENERS: PLAINTEXT://0. ...
Deploy a Django application through Github Actions Jan 23, 2020 Hi everyone, Here is a small article on how I successfully deployed my Django application through Github Actions. Basically, what I needed was pretty simple: as soon as I push a new commit (on master), I want to: connect through SSH to my remote server; restart my cfptime service (which will do all the magic). My cfptime.org project is something like ~3 years old. At the beginning, I was deploying by hand, so I created a bash script in order to ease this part, and this is what it looked like: ...
Throttling policies on specific Django Viewset Jan 14, 2020 Hi everyone! Here is a small article on some experiments I came across during the development of the new cfptime.org version. Goal: I needed to limit (anonymous) visitors on specific API endpoints (especially when creating/posting new Call For Papers, to avoid flooding). It turns out someone had similar thoughts, and his blog post was pretty interesting and helped me a lot. You can find the blog post here: https://www.pedaldrivenprogramming.com/2017/05/throttling-django-rest-framwork-viewsets/. As the author states: ...
Angular 8 Deployment within Github Actions Pipeline Jan 2, 2020 Hello everyone, Here is a small article in order to explain to you how I’ve deployed my Angular front-end to a server with Github Actions. Context: You might know that I am the developer behind cfptime.org, and I’ve had the chance during the holidays to start re-developing the front-end using Angular. If you want to check what it looks like: https://beta.cfptime.org. I’ve long been a CircleCI user, but it seems that the free plan is not enough in order to build my Angular project (and trust me, it’s nothing ground-breaking, just a couple of API calls and that’s it). ...
Corelan Bootcamp Review Dec 28, 2019 Time to revive this blog, and I think that a review of the Corelan Bootcamp training is the perfect occasion! I had in mind to try the OSCE certification and I felt I needed to go beyond just the basic buffer overflows that you might come across with OSCP, for example. I’ve had the chance to attend this training at Hack in Paris in June 2018, and I will try to give as much insight as I can without telling too much (because of the NDA). ...
BSidesCBR 2017 CTF Write-Up: Derpchat May 7, 2017 Hey there, Following my series of write-ups for the BSidesCBR challs, I will discuss the DerpChat one. The instructions for this challenge were: This web-based challenge was worth 275 points. Run docker-compose up and then browse to https://web.shell.dance:4443/. After browsing to https://web.shell.dance:4443/, I arrived on a registration/login page. I registered the account test/test and I finally got a page with two inputs: – One to search some messages, I suppose – And one in the middle of the page stating: “Hello, could you please send me the link I was after? ...
BSidesCBR 2017 CTF Write-Up: Needleinahaystack May 6, 2017 Hello everyone! It’s been such a long time since I posted any article. Here is a quick write-up for the BSidesCBR Crypto challenge “needleinahaystack”. Before diving into the challenge, huge props to all the organizers and OJ for making those challs available to everyone with Docker containers and stuff (more write-ups coming soon). If you guys want to give it a shot, here you go: all challs are available here. The challenge we will discuss in this post (needleinahaystack) is located here. ...
Running SSLScan on 5k servers taken from Alexa's top 10k Jun 7, 2015 After analyzing the HTTP Security Headers from the top 10k Alexa websites, I decided to look at the SSL ciphers used on those websites. These results come from a scan on port 443 for all those domains. Only 4715 servers replied. The OpenSSL version installed on my server did not support SSLv2, so SSLv2 ciphers have not been detected. Here are the results:
Experiments with UPnP Jul 3, 2014 This post deals with recent observations regarding the UPnP (Universal Plug and Play) protocol & routers. In a few words, thanks to this protocol, devices (such as file sharing services, games, ...) can be easily connected/deployed. First, I started to do research on my box to find relevant UPnP functionalities by hand; I found some, but I had trouble exploiting them. A few days ago, David Middlehurst released a tool called “UPnP Pentest Toolkit”. ...
Kioptrix 3 Write-up Jun 12, 2014 It has been a long time since I’ve written another write-up. This one’s for Kioptrix 3, which you can find here. Host Discovery $ nmap -sP 192.168.56.1/24 and we get the IP address: 192.168.56.101. As explained, you need to add 192.168.56.101 kioptrix3.com to your /etc/hosts. Fingerprinting Then, let’s find what kind of services are running on the host machine. $ nmap 192.168.56.101 -sV -A Starting Nmap 6.46 ( http://nmap. ...