I had the opportunity to talk about the story of great man Léon l’Africain and talk about what he inspired me. Thanks to Coin de page and a special thanks to Jean-Simon Côté, François Rousseau et Audrey Létourneau.
This a tutorial for a “Do it your self ” NAS Bay using a Raspberry Pi 3 Model B thanks to techradar for the steps to follow, to enhance the tutorial I wanted to make a video explaining what to do. http://www.techradar.com/how-to/computing/how-to-build-your-own-raspberry-pi-nas-1315968
Next 11 November I’ll be at the Hackathon Datascapes organized by the McGill Innovation Week. I’ll tell you about the challenges that we’ll be facing with other developers. This Hackathon is about Montreal city data to help develop decision making tools and improve city services.
During this last Saturday I had the opportunity to discover the word of data analysis and visualisation.
Font-type: sans-serif serif
Fype face / weight: light italics bold
Emphasis: font Font Font
Fewer font types and faces are better
Choose font accordingly
Color theory (use websites that can help with colors)
Fewer colors, use selection helpers
http://w3chools.com/colors (Color schemes)
Graphical semiotics by Bertin 1974
If it doesn’t add any value than don’t do it (2d vs 3d excel charts)
Quantiles classification (hardest)
User helpers in your charts (User better legend)
R language and R studio are powerful tools to quickly display data into charts and filter data to display big data sets
ggplot2 in R
Story maps (visualizing the context)
Here are the data sets that we where using the Hackathon most of them are from the city of Montreal open data website GitHub: https://github.com/CSCDS/datascapes-2017
I want to share with you one of my favorite Youtube channels that goes trough different hacking challenges. In one of it’s last videos LiveOverFlow gives details about a vulnerability discovered by his Paul Cher and his friend Emil Lerner who fuzzed FFmpeg and found several new vulnerabilities. I did a previous post about how to use FFmpeg to download a video from protected TV channel Replay website and as I already worked with this tool previously to build a video multiplexer on the fly so I found it interesting to share with you this Video and Podcast from LiveOverFlow.
The vulnerability here is in the HTTP protocol re-written for FFmpeg where content-length (using the Transfer-encoding:chunked format that allows to send the value of the length and than the content) is set to a negative integer witch causes a Segmentation fault. That will stop FFmpeg from executing on the target server.
This error was found using the Fuzzing method. By fuzzing the FFmpeg network protocols Paul Cher (using magic fuzzing technics called AFL) was able to reveal segmentation fault. Then he had to find what was causing this segmentation fault by debugging the actual FFmpeg. Here the main think was to rebuild FFmpeg with ASAN Addresssanetizer to detect memory corruption [here a Head overflow buffer overflow recognizable to the fa output in red]. Also to navigate trough the code Paul is using Ctags (reference in bottom).
Protocols are a good target
Capture The Flag competitions
Paul Cher tells LiveOverFlow that the best way he introduced himself to reverse engineering hacking is trough Capture The Flags challenges such as challenges from https://ctftime.org/
New tools to play around with code
A new video came out with more details on how the heap overflow happened.