Analyzing noscript usage, and being tracked in the process

When designing the theme for my personal blog, I wanted to make sure that the site would work just fine with JavaScript disabled. The scripts on this site merely add some neat little features here and there. However, this made me wonder about the state of the modern web and its reliance on scripts in the browser. What happens if you strip them away? I checked how websites deal with browsers that don’t allow JavaScript, taking the noscript HTML element as my metric of choice. And although fewer websites broke than I initially suspected, the results show that you don’t need scripts to effectively track people.

HackTheBox: Registry Writeup

Registry is a vulnerable Linux machine hosted over at HackTheBox with a difficulty rating of 5.7 out of 10. It hosts a Docker registry that lacks proper authentication. Login credentials can be found by looking into a Docker image that can be pulled from said registry. From there, the path to root incorporates tricking a CMS into uploading a web shell and using a backup utility to get access to files that wouldn’t normally be accessible by anyone.

Pulling apart the 100% characteristic of FEAL-4

FEAL-4 provides as gentle an introduction to differential cryptanalysis as there could possibly be. Hence I found myself a little disappointed at the lack of freely available documentation on that subject. You'll find research papers which (rightfully so) appear very abstract and complex. And if you're as much of a crypto noob as I am, then these resources won't help you much or, even worse, will discourage you. In this article, I want to sacrifice scientific accuracy for comprehensibility and share my own view on one of the most intriguing aspects — at least in my opinion — of the differential cryptanalysis of FEAL-4.
