Aeonn.dev

Why not verifying certificates in TLS is bad • TLSs Jan 13, 2022 • 8 minutes

In this article, we will see why not verifying the validity of a certificate is bad, and how an attacker can abuse this to read everything in the connection if he is in a Man-In-The-Middle position. You can be forced to not verify a certificate for a variety of reasons, like self-signed certificate, or the certificate is not valid anymore but you have to access the server even though. The environment For this demonstration, I will have 3 VMs: 1 server, 1 victim and 1 performing the attack (Man-in-the-middle and TLS proxy).

Welcome on the first part of this introduction to the Java Virtual Machine ! In this introduction, we will discover how the Java Virtual Machine works, its structure, how programs are loaded and executed, the Java bytecode and what are class files. This introduction expects that you know how to program in Java. Some background with executable and bytecode can help you to grasp faster some concepts but this is not required.

My projects

MapPTTH MapPTTH is a fast multi-threaded web-crawler written in C. It uses libcURL to make HTTP requests and Lexbor to extract links from the HTML files. It can produce graphs from the links found during the crawl. Graphs can exported to various formats like JPEG, PNG or SVG. It uses the GraphViz library to represent them in memory and generate the images. I wrote it as I couldn’t find any CLI crawler that was fast and easy to use.

About me

Whoami I’m a French computer science student loving information security and programming. I like to learn stuff about computers, build software and break them. My favorites programming languages are: Python Java C I like to hack on Hack The Box and vulnhub. I also do some capture the flags sometimes (like picoCTF for example). If you are interested, here is my Hack The Box badge: And I also love history !

Aeonn.dev

Welcome!

Articles