Blogs

Exploiting XXE Vulnerabilities in Apache NiFi

Introduction: I’ve based this write-up on a fantastic one published by Chris Davis from Counter Hack on the SANS Pen-testing blog. The actual exploit itself is one that has been acknowledged and fixed in the latest public build of NiFi (1.4.0). The reason for this post is purely for educational purposes, as I’d worked with XML External Entity attacks in the past but never fully understood how and why they work.


3D Printing Ethereum Wallet QR Code

Introduction: Recently the price of cryptocurrencies has exploded. Through December 2017 we saw a massive value spike across the board on almost all major currencies, based mostly on the movements of BTC. Whilst I’m not a huge fan of BTC currently (price surge and the network's scalability means that the cost per transaction is around 20 USD), I do dabble in Ethereum (ETH). Wallet Address: I used to have all my ETH stored in online wallets with my exchange, however recently I had an urge to begin mining currencies which spurred me to set up an offline wallet that I can manage myself.


SANS Holiday Hack Challenge 2017

Introduction: The following post outlines the technical steps taken to complete the SANS Holiday Hack Challenge 2017. A copy of the PDF of this post is available HERE. North Pole and Beyond. Story: The online portion of this year's SANS Holiday Hack can be seen in the following overworld map. Each level had a few places where points could be earned: a physics-based Snowball challenge where you were required to complete a set of level-specific challenges by directing a snowball around a map.


Toaster Stationary Box

Introduction: We recently visited Spotlight, a local craft & knick-knack store, in search of a DIY stationery kit that would be assembled and built into a Christmas gift for some close friends. After spending a while searching we came across a DIY kit that just required assembly. The kit was OK, and it would have done the job, however the price was a little much for what was effectively just some laser-cut MDF.


SpinalTrack - Postural Sleep Monitor

Elevator Pitch: SpinalTrack is a sleep monitor kit which provides insight and remediation for children growing up with Cerebral Palsy. Utilising the Walabot 3D imaging capabilities, orientation data of the sleeping body is captured and used to provide feedback on where extra support is needed to prevent spinal curvature and long-term damage. Behind the scenes the system makes use of Machine Learning (supervised logistic regression) to help train a postural model that can be used when flagging interesting events and even alerting via Amazon Alexa.


ublox NEO-6M - NMEA Parsing - Part 1

Introduction: The purpose of this guide is to clear up some misunderstandings and cement the knowledge I have around the use of the ublox NEO-6M GPS unit. The overall goal of this project is still a little up in the air, however I know that at some stage a firm understanding of GPS systems and NMEA string parsing will be very useful. BOM: 1x - U-blox NEO-6M GPS Module - $20.
