# Illusion of Randomness & Exploiting RNGs

Entropy, a more scientific term for what we call “randomness”, is the measure of uncertainty or disorder.
But the question is: how do we decide whether something is random and, more importantly, how random it is? Let’s find out!

# Illusion of uncertainty

Is the direction of a ball bouncing off a wall uncertain? No. It depends on the angle at which it made contact with the wall. It’s not random.
What if you close your eyes and type a long string really fast? Will it be random? I made this little webpage so you can find out for yourself.
You will notice that the string you typed…

# Deblurring images for OSINT — Part 2

Let’s reverse Pixelize blur.

Note: GIMP is used as the photo editing tool in this tutorial.
There’s no way to retrieve 100% of the details from an image once it’s distorted.

In the previous article, we talked about how mathematical operations are used to apply filters to images and how we can deblur images that are blurred using Gaussian blur.

In this article, we will talk about another popular blurring method known as Pixelize. Images blurred using this method can be identified by visible “boxes”. Take a look at the following image for example.

The Pixelize blur works by dividing…

# Finding vulnerabilities in Source Code

Although I am not a professional source code auditor, I am a hyperactive programmer and security researcher. The article is based on my own experiences and on reading various vulnerability reports throughout my journey in information security. Hence it might have some flaws that I would love to know about in the comments. That said, let’s get started.

# Low hanging fruits

There are a few things that can lead to discovering vulnerabilities without actually reading all the code. I am listing a few such techniques that I have found to be useful.

## Validating patches

If previous versions of source code are available, go through the changelog…

# Learn to code in less than a week

Programming is an amazing skill to have and I believe it’s especially essential if you want to be good at information security. With the magic of programming, you can write exploits, automate things, get a better understanding of how something works under the hood or find vulnerabilities by going through source code.

If you are reading this article, you belong to one of the following classes:

• You want to learn programming but are not sure where to start
• You tried learning programming in the past but found it hard
• You are insecure about your skills so you are here to see what…

# How I found 5 ReDOS Vulnerabilities in Mod Security CRS

This write-up assumes that the reader has intermediate (or higher) knowledge of regular expressions. If you are not very familiar with regular expressions, you might want to check out this tutorial. You may also want to read my introductory article about ReDOS.

I have been spending a good amount of time writing ReDOS exploits and studying WAFs lately. To practice my skills in the real world, I chose Mod Security Core Rule Set because it has tons of regular expressions and on top of that, these regular expressions are being used by WAFs in the wild to detect attacks. …

# Exploiting Regular Expressions

A regular expression (or regex) is basically a search pattern. For example, the expression `[cb]at` will match both cat and bat. This isn’t a regex tutorial, so if you don’t know much about regex, go through this amazing cheat sheet before reading any further.

Let’s get started with some basics anyway :)

## Repetition Operators

`+` is a repetition operator and matches repetition of characters, patterns or groups.

`ca+t` will match `caaaat`

There’s another repetition operator, `*`. The only difference between `+` and `*` is that `+` matches one or more while `*` matches zero or more. To be clear about this,

`ca*t` will…

# Deblurring Images for OSINT and more — Part 1

During intelligence operations, we often come across images that may contain important information but they are too blurred, noisy or just unclear to make sense out of. In this article, I am going to talk about some techniques that we can use to retrieve information from blurred images.

## How do filters work?

Every image is made up of tiny dots, known as pixels. Each pixel has a value which produces the color it has. Different picture formats require the pixels to hold different kinds of values. For example, grayscale images are “black and white” and each pixel in them holds a value ranging…

# Backdooring Websites with just 35 bytes

tl;dr This article is about code golfing a PHP shell to 35 bytes while keeping it usable as well as secure. The web shell can be found on GitHub.

Ninjas need to be stealthy, but trading off usability for stealth is a bit expensive. We want our web shell to be able to do everything while staying as stealthy as possible. So, we will start by adding the ability to run arbitrary functions by playing with PHP syntax.

# Cracking eAadhar password in 2 seconds with Maths

Every eAadhar letter is locked with a password which is a fixed string of the following schema:

first_four_letters_of_name_in_uppercase + year_of_birth

Basically there are 4 uppercase letters & 4 digits involved. So how many combinations can be generated from 4 uppercase letters and 4 digits? The answer is `2821109907456` and it would take 90 years to crack the password if we tried 1000 combinations per second.

Ain’t nobody got time for that!

# Time for some maths & shit!

Oops! We just made a mistake here, we don’t have to calculate all the combinations because…

## Somdev Sangwan

I make stuff, I break stuff and I make stuff that breaks stuff.