Reading Phrack 61
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged reading — 11 results.
Phrack 61 has appeared. Continued reading discipline.
Phrack 60 has appeared. The articles continue the trajectory of increasingly-sophisticated exploitation techniques.
The Honeynet Project's cumulative-analysis paper has finally been published. A walk through what it shows and what defenders should take from it.
Phrack 59 has appeared with several useful articles. A short writeup of what is worth reading and what it teaches.
Following the migration to iptables, I have spent two weeks reading the netfilter source carefully. The implementation is more disciplined than I had expected.
Phrack 58 has appeared with several articles worth careful reading. Two in particular — on heap exploitation and on advanced kernel-level techniques — have shifted my mental model.
The latest Phrack landed in late September. Two articles in particular have shifted my thinking about advanced exploitation. The format-string article from Phrack 55 has a meaningful sequel.
I have been promising myself I would read OpenSSH source carefully all year. A week of evenings has produced enough notes to write up. The implementation is more disciplined than I had expected and the architectural choices are educational.
Snort 1.7 is in beta. Reading the source has clarified several things about how the engine actually processes packets, and revealed a few design decisions that I think are going to influence future IDS work.
The latest Phrack arrived in January. Two articles in particular deserve patient reading: one on kernel rootkits, one on a generalised technique for bypassing non-executable stack defences. Both shift my mental model of what defenders should be paying attention to.
The latest issue of Phrack arrived in September. I have spent the last two months reading it properly, line by line, and the technique articles in particular have changed how I think about a class of vulnerability I thought I understood.