My name is Théo, a computer science student interested in information security.
Why not verifying certificates in TLS is bad
In this article, we will see why not verifying the validity of a certificate is bad, and how an attacker can abuse this to read everything in the connection if he is in a Man-In-The-Middle position. You can be forced to skip certificate verification for a variety of reasons, such as a self-signed certificate, or a certificate that is no longer valid on a server you still have to access.

The environment

For this demonstration, I will have 3 VMs: 1 server, 1 victim and 1 performing the attack (Man-in-the-middle and TLS proxy).
MapPTTH

MapPTTH is a fast multi-threaded web-crawler written in C. It uses libcURL to fetch files and Lexbor to parse and extract links in the HTML files. It can produce a graph from what it found during the crawl. These graphs can be JPEG, PNG, SVG and other formats. It uses GraphViz to generate them. I wrote it as I couldn’t find any crawler that was fast and easy to use.
Whoami

I’m a French computer science student who loves information security and programming. I like to learn stuff about computers, build software and break it. My favorite programming languages are Python, Java and C. I like to hack on Hack The Box and vulnhub. I also do some capture the flags sometimes (like picoCTF for example). If you are interested, here is my Hack The Box badge: And I also love history!