The art of trolling and its connection to innovation


Introduction to reverse engineering

1. Introduction

Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation. This involves taking some device, system or software and breaking it apart, analyze it and conclude how it works. When reverse engineer conclude how system works he can take advantage of it, he can recreate it, document it or fix flaws. Reverse engineering is commonly used to document system that is poorly documented and designers are no longer available, to retrieve lost source code and fix problems, to use undocumented API for interoperability, to create competitive project similar as reversed project or to overcome protection. Here we will focus on software reverse engineering in


Chasing script-kiddies and hackers on my blog

This morning, I was wondering over my admin dashboard and realized there are couple of guys (hackers or script-kiddies) trying to hack me. Well, to be hones guess my user name and password. So far, they were failing, but some of them were returning and trying every couple of hours, when my blocking mechanism release the block. Particularly, one guy from Moldova, one from Romania and one from Ukraine. To say it on the beginning… I ain’t gonna say something very smart here, I was just playing a bits of forensics here and there, to find out who they are. And to be honest, I am not satisfied, since I have not found much apart from IP address of machine


Hacker’s lament

But did you, in your three-piece psychology and 1950’s
technobrain ever take a look behind the eyes of the Hacker? Did you ever
wonder what made him tick, what forces shaped him, what may have molded

I am a Hacker, enter my world….

Mine is a world that begins with school… I’m smarter than most
of the other kids, this crap they teach us bores me…

Damn underachiever. They’re all alike.

I made a discovery today. I found a comupter. Wait a second,
this is cool. It does what I want it to. If it makes a mistake it’s
because I screwed it up. Not because it doesn’t like me…
Or feels


GreatUniHack – impressions from hackathon

This weekend (17th-19th April 2015.) I was participating GreatUniHack, so I would like to share here some impressions and experiences. GreatUniHack is a 36 hour hackathon organised by University of Manchester students and supported by Major League Hacking – an planetary organisation that supports hackathons around the World. It was held in Old Grenada Studios, the place where I was told Coronation street was filmed and some other popular BBC series.

It was supposed to start at 6PM on Friday 17th April. After a bit of struggling with meeting one of our team member, we managed to arrive at the place at 6:10. We found a table, took couple of photos. In my team was Michele, who is


Train with Game Over.iso

Today I have tried to set up GameOver.iso, one of many interesting live linux environement that is meant to be training tool for learning about web application security. I must admit that I like it, altrough I had a little problems and confusion in start. Actually it is linux live CD that set up web server with vulnerable web applications that you can try to hack. As I had used some of the linux distributions that are ment to be training environement like OWASP live CD, I expected also some graphical environement. Tried startx command from console, but nothing happened. Then I learned that it just starts server, and you had to access vulnerable websites from other machine via

Najčešći sigurnosni propusti u web aplikacijama

Najčešći sigurnosni propusti u web aplikacijama


S obzirom da ima malo toga napisano na srpskom o bezbednostnim propustima na srpskom jeziku, mislim da je pravo mesto ovde da napišem o tome koju reč. Pokušaću da opišem najčešće bezbednostne propuste koji se javljaju u web aplikacijama i koji se uglavnom oslanjaju na 2 liste – OWASP top 10 i CWE25.


Injekcije (Injection) – Ova kategorija propusta se odnosi na ubacivanje napadačevog, malicijoznog koda u kod web aplikacije. Najčešće se pominje SQL injection kada se govori o ovoj klasi napada. Međutim postoje i mnogi drugi tipova injekcijonih napada poput code injection, sa podvrstama PHP injection, javascript injection. Cross site scripting je takođe vrsta injection napada, jer se ubacuje maliciozni HTML kod u kod sajta. Moguće je