A toy example of a constraints solver, provided by Cognisys (https://cognisys.co.uk/). We are given four four-digit numbers, and told for each how many digits are a) in the right place, b) in the wrong place. For example:

1453 => “one digit is in the right place, and one is in the wrong place”

There are (implicitly) no repeat digits. Guess the combination.

You could do this iteratively, and solving by hand, we’d start with the strongest constraint first. But we’re programmers, and thinking is hard. Since there’s only 10,000 combinations, why not just test them all?

Cast your minds back - or possibly don’t, it wasn’t a fun time - to the Great Toilet Paper Shortage of 2020, early on in the pandemic. The supply of toilet paper was fine, but demand skyrocketed - and some enterprising folk decided to exacerbate this by buying in enormous bulk with the intention to resell. Almost everywhere, this was condemned as price gouging - which it was - and in many cases, the oppressed rolls of the people were liberated by law enforcement, no doubt to go to a better place.

Spend some time on Reddit - which you probably shouldn’t - or read the original Terry Pratchett - which you should - and you’ll probably come across the Sam Vimes “boots” theory of Socioeconomic Unfairness.

""" The reason that the rich were so rich, Vimes reasoned, was because they managed to spend less money.

Take boots, for example. He earned thirty-eight dollars a month plus allowances. A really good pair of leather boots cost fifty dollars. But an affordable pair of boots, which were sort of OK for a season or two and then leaked like hell when the cardboard gave out, cost about ten dollars. Those were the kind of boots Vimes always bought, and wore until the soles were so thin that he could tell where he was in Ankh-Morpork on a foggy night by the feel of the cobbles.

“I don’t know what the language of the future will look like, but I know it will be called Fortran”.

So, I’ve got a simulation of a chemical plant (the Tennesse Eastmann process), a Reference Control Problem (i.e., a benchmark for process control I want to set some ML models on - it’s open loop unstable). I could use a Simulink model, but that requires learning a new toolset… and frankly that’s probably at least as hard as programming. Programming isn’t that hard!

Introduction

This challenge was provided from HackTheBox for BSides London 2021. It’s a forensics challenge, we’ve given a packet file and asked to find out what the attacker did inside the network.

Baby steps

Download and verify the zip and pcap, and load the latter into wireshark. I had some initial trouble due to wireshark not being configured to include RTP (Real-Time Transport Protocol) over UDP by default (Analyze -> Enabled Protocols) It’s an easy enough setting to change, if you know to look for it.

Introduction

This CTF-type challenge was created for BSides London last year - ultimately moved from 2020 to 2021, because of The Thing That Happened. Initially, the plan seemed to be that by entering, you got a chance at free entry - however in the revamped 2021 edition, entry was free anyway. The CTF is a simple forensic challenge: given an altered copy of the famous Arecibo image emitted by the unfortunately now-demised Arecibo radio telescope in Puerto Rico, can you decode the hidden message inside it?

When it comes to safety, security, or public health measures, there’s usually an unspoken debate; whether you trust individuals to do the right thing or not.

You can certainly argue, and back up with data, that teaching airgaps is like teaching abstinence; ineffective because it doesn’t actually happen.

For example, as a “not” approach, take Dale Peterson’s discussion of seatbelts vs. airbags:

Not only does it make sense to eliminate the possibility of an error, it also (being very broad here) is intensely backed up by data.

A slightly anonymised - variant of a writeup I did for a CTF.

The principle of XOR encryption is fairly simple: for each bit in your plaintext, you apply the following truth table:

i.e. return True if and only if the two elements are different. This produces a strong ciphertext - if the key is as along as the text (and if you don’t retransmit the same information, or reuse keys, which in practice along with key-length demands is why we don’t use purely XOR all that much). This is the origin of the fabled one-time pad. With a short key, however, patterns emerge. In this case, we know the key is 6 chars, although you could find that out by comparing Hamming distances. For the record, this is very similar to challenges in cryptopals and project euler (the latter has a much shorter key, so is easier; the former requires you find the key length yourself).

This one is a trip down memory lane for me. My undergraduate project was in Materials Science, but specifically, I was making a Single Photon Source (SPS) for Quantum Key Distribution (QKD). As the materials person, all I need to know is that making a single photon is what’s required. However, I wanted to learn the underlying principles. So.

BB84 is a scheme for Quantum Key Distribution - that is, deciding on a key in a tamper-evident manner using the behaviour of entities as described by quantum mechanics. The system works as such:

Programs are badness, Kernel mode programs are badness squared, and kernel mode programs on every machine you have are badness cubed.

But what other choice do you have? At a basic level, computers can run arbitrary code, including code you don’t want to run. And networked computers can talk to arbitrary other networked computers, including ones you don’t want them talking to. I really recommend “The Coming War on General Purpose Computation” for a discussion of that. You can handwave all you want, those two laws are fundamental.