Implementing Elliptic-curve Diffie–Hellman Key Exchange Algorithm using C# (cross-platform)

The Diffie-Hellman key exchange algorithm is a method to securely establish a shared secret between two parties (Alice and Bob). Elliptic-curve Diffie–Hellman (ECDH) is allows the two parties, each having an elliptic-curve public–private key pair, to establish the shared secret. This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie–Hellman protocol using elliptic-curve cryptography.

More …

Weaponizing Boo-lang

CredentialsBoo is a language for .Net which appeals to a variety of users due to it’s clean syntax and powerful extensibility features. It claims to have an ultra clean syntax and advanced language features like: First class functions, Generators, Closures and List. comprehension. Boo is statically compiled, running at the same speed as C#, Assemblies produced by one .Net language can be used by another, so Boo-lang is fully interoperable.

More …

How to use pwndb.py

pwndb pwndb.py is a python command-line tool for searching leaked credentials using the Onion service with the same name. In this post I’ll describe all the possible options.

More …

Was my password leaked?

pwndb A data leak differs from a data breach in that the former usually happens through omission or faulty practices rather than overt action, and may be so slight that it is never detected. While a data breach usually means that sensitive data has been harvested by someone who should not have accessed it, a data leak is a situation where such sensitive information might have been inadvertently exposed. pwndb is an onion service where leaked accounts are searchable using a simple form.

More …

Google isn't indexing this site

Google Google isn’t indexing my blog. When I started writing I decided not to add Google Analytics in this site. I thought that decision wasn’t important but I think I was wrong, it looks like it’s important in order to have your site indexed by Google. If you want to add Analytics to your site, you have to add some javascript code. Also, by doing this, you’re allowing Google to share people’s cookies through the whole Internet to track what they do and where they go. So… I’m willing to run this site without Analytics.