
DIY NAS

This is a tutorial for a “Do it yourself” NAS bay using a Raspberry Pi 3 Model B. Thanks to TechRadar for the steps to follow. To enhance the tutorial, I wanted to make a video explaining what to do. http://www.techradar.com/how-to/computing/how-to-build-your-own-raspberry-pi-nas-1315968

 


Editorial

Hi everyone,

Next 11 November I’ll be at the Datascapes Hackathon organized by the McGill Innovation Week. I’ll tell you about the challenges that we’ll be facing with other developers. This Hackathon is about using Montreal city data to help develop decision-making tools and improve city services.

Larbi 😉


Datascapes 2018 data visualisation

This last Saturday I had the opportunity to discover the world of data analysis and visualisation.

Data visualisation

Font

Font type: sans-serif, serif
Font size
Typeface / weight: light, italics, bold
Emphasis: font Font Font

Fewer font types and faces are better
Choose font accordingly

Color

Color contrast
Color theory (use websites that can help with colors)
Fewer colors, use selection helpers
http://w3chools.com/colors (Color schemes)
colorbrewer2.org

Symbology
Graphical semiotics by Bertin 1974

Charts
Bars
Histograms
Heatmaps
Density functions
If it doesn’t add any value, then don’t do it (2D vs 3D Excel charts)

Classifications
Quantiles classification (hardest)

Use helpers in your charts (use a better legend)

Programming tools

The R language and RStudio are powerful tools to quickly display data in charts and to filter data when displaying big data sets

ggplot2 in R

D3.js

Story maps (visualizing the context)

Here are the data sets that we were using at the Hackathon; most of them are from the City of Montreal open data website. GitHub: https://github.com/CSCDS/datascapes-2017

http://donnees.ville.montreal.qc.ca/


Segmentation fault in FFmpeg and LiveOverflow

I want to share with you one of my favorite YouTube channels, which goes through different hacking challenges. In one of its last videos, LiveOverflow gives details about a vulnerability discovered by Paul Cher and his friend Emil Lerner, who fuzzed FFmpeg and found several new vulnerabilities. I did a previous post about how to use FFmpeg to download a video from a protected TV channel replay website, and I had already worked with this tool to build an on-the-fly video multiplexer, so I found it interesting to share with you this video and podcast from LiveOverflow.

The vulnerability here is in FFmpeg's own implementation of the HTTP protocol: the content length (sent using the Transfer-Encoding: chunked format, which sends the length value first and then the content) is set to a negative integer, which causes a segmentation fault. That will stop FFmpeg from executing on the target server.
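The bug class described above, as an added example (not FFmpeg's code and not taken from the video): a chunk-size line parsed into a signed integer with only an upper-bound check, beside a parser that rejects it. The function names, BUF_SIZE and the sample lines are constructed, and the signed-type-plus-upper-bound pattern is an assumption used for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BUF_SIZE 4096  /* constructed receive-buffer size */

/* Unsafe pattern: the hex chunk size is parsed as a signed value and only
 * an upper bound is checked, so "-1" passes and becomes a huge size_t. */
static size_t chunk_len_naive(const char *line)
{
    int64_t len = strtoll(line, NULL, 16);
    if (len > BUF_SIZE)          /* -1 > 4096 is false: no clamp applied */
        len = BUF_SIZE;
    return (size_t)len;          /* -1 converts to SIZE_MAX */
}

/* Hardened pattern: the line must start with a hex digit (no sign, no
 * whitespace), must not overflow, and is clamped to the buffer size.
 * Returns 0 on success, -1 on a malformed chunk-size line. */
static int chunk_len_checked(const char *line, size_t *out)
{
    char *end;
    unsigned long long len;

    if (!isxdigit((unsigned char)*line))
        return -1;
    errno = 0;
    len = strtoull(line, &end, 16);
    if (errno == ERANGE)
        return -1;
    if (*end != '\0' && *end != '\r' && *end != ';')  /* CRLF or chunk extension */
        return -1;
    *out = len > BUF_SIZE ? BUF_SIZE : (size_t)len;
    return 0;
}

int main(void)
{
    /* Constructed chunk-size lines: valid, negative, overflowing. */
    const char *lines[] = { "1a\r\n", "-1\r\n", "ffffffffffffffffff\r\n" };
    for (size_t i = 0; i < 3; i++) {
        size_t n = 0;
        int rc = chunk_len_checked(lines[i], &n);
        printf("naive=%zu checked rc=%d len=%zu\n",
               chunk_len_naive(lines[i]), rc, n);
    }
    return 0;
}
```

With the naive parser, a copy or read sized by the returned value would run far past a 4096-byte buffer, which is the kind of memory corruption AddressSanitizer reports.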

This error was found by fuzzing. By fuzzing the FFmpeg network protocols, Paul Cher (using a “magic” fuzzing technique called AFL) was able to reveal a segmentation fault. He then had to find what was causing this segmentation fault by debugging FFmpeg itself. The main thing here was to rebuild FFmpeg with ASan (AddressSanitizer) to detect memory corruption [here a heap buffer overflow, recognizable by the "fa" output in red]. To navigate through the code, Paul uses Ctags (reference at the bottom).

Protocols are a good target

Capture The Flag competitions

Paul Cher tells LiveOverflow that the best way he found to get into reverse engineering and hacking was through Capture The Flag challenges, such as the challenges from https://ctftime.org/

New tools to play around with code

AddressSanitizer (or ASan) is an open source programming tool by Google that detects memory corruption bugs such as buffer overflows or accesses to a dangling pointer (use-after-free).

Ctags is a C programmer tool that generates an index file of names found in source and header files of various programming languages.

Update:

A new video came out with more details on how the heap overflow happened.