/Null_Cereal/

Information Security News & Posts (with \x00 fibre)

Extracting a list of URLs from a PDF can be difficult. One of the tools that makes it a lot easier is pdf-parser by Didier Stevens.

For now we'll focus on pdf-parser for extracting URLs in PDFs. This is a powerful tool with many uses, the full scope of which is beyond this brief tutorial.


regex

I'll start off this post by saying that I DO NOT claim to be a “RegExpert” (Regular Expression Expert). I claim to be an expert in only a couple of things in life:

  1. Knowing how to give good doggos belly rubs.
  2. Not thinking of anything in particular.

But because neither of these things pays the bills (yet), I've found that a little knowledge in regular expressions is a good thing to have. Better, sometimes having resources in your back pocket can be useful.

I'll show a couple of small examples here, but will also give some examples of resources that can help with some of the tricky situations where regex is needed.


Disinformation isn’t just a social engineering attack, it’s a buffer overflow attack of the mind.

Most people may not be familiar with an information security vulnerability called a buffer overflow. Here's a small example:

bof

Buffer overflow attacks work when a program needs to accept input from the user (think of a program that asks for your username, like the example above). The issue is that the programmer uses a function like strcpy(), where the size of the destination is not specified. The problem here is twofold: (1) if you throw enough data into this input area, the program can crash, resulting in a denial-of-service condition; (2) if you craft a specialized request, taking into account memory allocations, you can trick the program into running almost any code you want it to run.


“The test of a first-rate intelligence is the ability to hold two opposed ideas in the mind at the same time and still retain the ability to function.” - F. Scott Fitzgerald

While I can't speak to first-rate intelligence, I feel like this quote perfectly describes my role in information security. I do not hold a high-level position, but still, when it comes to influence in business, information security is a topic where even a lowly analyst is given unparalleled access and opportunity.

Because technology is central to most business functions, any threat to that technology directly impacts the bottom line. This threat cycle is all well known by now. At this point most organizations have methods to determine risk, and threat model certain business decisions. This is part of my job and the basis for this post.


I’m a Security Analyst currently living in Florida. I love hanging out with my family at the beach, a good book, movie, and milkshake (usually strawberry).

I will be posting information here regarding Information Security news, insights, and opinions (which of course are my own), the regularity of which may not be so.

Contact: infosec@corzinejax.com
