22 September 2017
Today we will share a quick Python script for creating a hex dump of any file. It can be pretty useful when we want to drill down into the low-level data of a file, perhaps to analyse the file header of a piece of malware or to understand the details of a specific file format. Of course there are hex editors and Unix tools for this, but sometimes a simple Python script can be nice due to its OS-independent nature.
03 July 2017
I will start this post with a necessary disclaimer. Scraping data from a search engine results page is almost always going to break the Terms of Service of the search provider; or at least I have yet to hear of a search engine which does not explicitly forbid the practice. In reality though, such Terms of Service probably only exist to deter those who wish to use the data to create a competing service which could potentially undermine the value of the scraped engine.
02 May 2017
Let's talk a little about passwords today. Have we all heard of the infamous LinkedIn password breach back in 2012? Over 117 million encrypted passwords were leaked and put up for sale.
Massive data dumps such as these become treasure troves for research into human behavior in the context of security. The US company Preempt revealed that a staggering 35% of the passwords in the dump could already be found in password dictionaries available prior to the breach. Statistics like these remind us to keep our passwords as strong as possible.
13 Apr 2017
The infamous incident of Major Charles Ingram and his wife attempting to cheat the game show "Who Wants to be a Millionaire" is a marvelous tale with a captivating premise and a remarkable turn of events. It truly was amazing that the contestant was able to get as far as he did without arousing suspicion, considering how blindingly obvious the fraudulent act now looks in retrospect.
30 Dec 2016
"Dirty COW" (CVE-2016-5195) is a remarkable software vulnerability in the Linux operating system that was discovered in October 2016. Shockingly, the vulnerability is exploitable on unpatched systems running nearly every Linux-based operating system, including Android, and dates back an alarming 9 years.
The exploit takes advantage of a race condition in the Linux copy-on-write process that allows arbitrary data to be written to any file that is part of the operating system, including read-only files.
04 Dec 2016
When the Belarusian antivirus company, VirusBlokAda, first published the Stuxnet worm in 2010, the world of computer security was shaken. The cyber weapon included four zero-day vulnerabilities in the Windows operating system with the capability of compromising even a fully patched Windows 7 system.
Perhaps the most alarming of the OS vulnerabilities used was the LNK Windows Shortcut flaw, which allowed the execution of code by merely opening the folder containing the malicious LNK file.
Ruby Devices do not in any way condone the practice of illegal activities in relation to hacking. All teachings with regards to malware and other exploits are discussed for educational purposes only and are not written with the intention of malicious application.