egglessness - random notes on computer security

Welcome to my blog!
I'm Daniele Ferla and this is the place where I put some ideas and random notes about computer security and other stuff. Just the nitty-gritty, to keep everything simple. Enjoy :)
The hackiest way I've seen to pass WiFi credentials to an IoT device
Picture this: you just bought your brand new IoT device. You take it out from the box and power it on. But... how do you pass your WiFi credentials to make it connect to your network? This solution literally blew my mind!
No, using strncpy won't really make you safer
Even if specifying the length of the buffer you want to operate on seems a good security practice, using strncpy instead of strcpy may help attackers to leak sensible data from your program memory. Here's why.
_FORTIFY_SOURCE: explained
Compilers like GCC and Clang give developers the possibility to secure buffers in their applications by supplying the _FORTIFY_SOURCE macro at compile time. In this post, we will see how does it work and what can it do for us.
Abusing Facebook prefetching to leak users IP address and user agent
Prefetching external links on Facebook can surely enhance the user experience, but... can it be exploited to do some reconnaissance on a target victim?
Testing a MachineFunctionPass on LLVM without having to recompile every time
Recompiling the whole LLVM infrastructure is a very tedious and long process. I'll show you how to get away with it in just a few seconds.
© 2019 Daniele Ferla. All rights reserved.