Joys of Geometry

Creating figures with math software does not feel like fabricating illustrations for science posts. It is more of a meditation on geometry. I want to literally draw every line. I am not using grid lines or rendered surfaces. I craft a parametric curve for every line. A curve is a set of equations. Yet, playing with … Continue reading Joys of Geometry

Galaxies of Diffraction

These - the arrangement of points in the image below - are covectors, sort of. I wrote about them some time ago. They are entities dual to vectors. Eating vectors, spitting out numbers. Vectors are again 'co' to covectors; they will eat covectors. If vectors live in a space with axes all perpendicular to each … Continue reading Galaxies of Diffraction

Looking Back: Hacking and Defending Windows Public Key Infrastructure (ADCS)

I live at the fringes of the cybersecurity community. I have never attended infosec conferences. There will be a talk on PKI hacking at Blackhat 2021 soon: Top AD offensive security gurus are presenting comprehensive research on abusing ADCS (Active Directory Certificate Services). I only know about that because I noticed backlinks from their article … Continue reading Looking Back: Hacking and Defending Windows Public Key Infrastructure (ADCS)

Vintage Covectors

Covectors in the Dual Space. This sounds like an alien tribe living in a parallel universe hitherto unknown to humans. In his lectures on General Relativity, Prof. Frederic Schuller says: Now comes a much-feared topic: Dual vector space. And it's totally unclear why this is such a feared topic! A vector feels familiar: three numbers … Continue reading Vintage Covectors

Dirac’s Belt Trick

Is classical physics boring? In his preface to Volume 1 of The Feynman Lectures on Physics, Richard Feynman worries about students' enthusiasm: ... They have heard a lot about how interesting and exciting physics is—the theory of relativity, quantum mechanics, and other modern ideas. By the end of two years of our previous course, many … Continue reading Dirac’s Belt Trick

Parse Certificates Stored in the Windows Registry

You can correctly parse the binary blobs that represent certificates stored in the Windows registry with certutil, even when Windows Explorer / the GUI tells you that this is not a certificate. certutil seems to handle / ignore the metadata better. Once upon a time I played with the machine Ethereal provided by … Continue reading Parse Certificates Stored in the Windows Registry
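The metadata that confuses the GUI is what makes these registry values more than a bare DER certificate. The parser below is an added example, not code from the post: it assumes the blob is a sequence of CryptoAPI property records, each a little-endian header of (DWORD property id, DWORD reserved, which is 1, DWORD length) followed by the data, and that the DER-encoded X.509 certificate is the record with property id 32 (CERT_CERT_PROP_ID). The other property ids used are the wincrypt.h constants for the SHA-1 hash, friendly name and key-provider records; the sample blob is constructed, with a five-byte DER SEQUENCE standing in for a real certificate.

```python
"""Parse the 'Blob' registry value Windows keeps per certificate under
SOFTWARE\\Microsoft\\SystemCertificates\\<Store>\\Certificates\\<SHA1 thumbprint>.

Added example. Assumed layout: repeated records of
(DWORD property id, DWORD reserved == 1, DWORD length) + data, little-endian.
The certificate itself is property 32; everything else is metadata, which is
why a tool expecting the value to start with a DER SEQUENCE rejects it.
"""
import hashlib
import struct
from typing import List, Tuple

# Property ids from wincrypt.h
CERT_KEY_PROV_INFO_PROP_ID = 2
CERT_SHA1_HASH_PROP_ID = 3
CERT_MD5_HASH_PROP_ID = 4
CERT_FRIENDLY_NAME_PROP_ID = 11
CERT_KEY_IDENTIFIER_PROP_ID = 20
CERT_CERT_PROP_ID = 32

PROP_NAMES = {
    CERT_KEY_PROV_INFO_PROP_ID: "KeyProvInfo",
    CERT_SHA1_HASH_PROP_ID: "SHA1Hash",
    CERT_MD5_HASH_PROP_ID: "MD5Hash",
    CERT_FRIENDLY_NAME_PROP_ID: "FriendlyName",
    CERT_KEY_IDENTIFIER_PROP_ID: "KeyIdentifier",
    CERT_CERT_PROP_ID: "Certificate",
}

HEADER = struct.Struct("<III")  # property id, reserved, data length


def parse_cert_blob(blob: bytes) -> List[Tuple[int, bytes]]:
    """Split a blob into (property id, data) records.

    Raises ValueError on a truncated header, a reserved field that is not 1,
    or a record whose declared length runs past the end of the blob.
    """
    records = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError(f"truncated record header at offset {off}")
        prop_id, reserved, length = HEADER.unpack_from(blob, off)
        off += HEADER.size
        if reserved != 1:
            raise ValueError(f"unexpected reserved value {reserved} in record {prop_id}")
        if off + length > len(blob):
            raise ValueError(f"record {prop_id} declares {length} bytes past end of blob")
        records.append((prop_id, blob[off:off + length]))
        off += length
    return records


def extract_certificate(blob: bytes) -> bytes:
    """Return the DER certificate (property 32); it must start with a SEQUENCE tag."""
    for prop_id, data in parse_cert_blob(blob):
        if prop_id == CERT_CERT_PROP_ID:
            if not data or data[0] != 0x30:
                raise ValueError("property 32 does not start with a DER SEQUENCE")
            return data
    raise ValueError("blob has no certificate record (property id 32)")


def sha1_record_matches(blob: bytes) -> bool:
    """Cross-check: the stored SHA1Hash property is the SHA-1 of the DER certificate."""
    records = dict(parse_cert_blob(blob))
    cert = records.get(CERT_CERT_PROP_ID)
    stored = records.get(CERT_SHA1_HASH_PROP_ID)
    return cert is not None and stored is not None and hashlib.sha1(cert).digest() == stored


def describe_blob(blob: bytes) -> List[Tuple[str, int]]:
    """Human-readable inventory of the records: (property name, data length)."""
    return [(PROP_NAMES.get(p, f"prop_{p}"), len(d)) for p, d in parse_cert_blob(blob)]


def build_cert_blob(records: List[Tuple[int, bytes]]) -> bytes:
    """Inverse of parse_cert_blob; used here only to construct sample input."""
    return b"".join(HEADER.pack(p, 1, len(d)) + d for p, d in records)


def read_blob_from_registry(store: str, thumbprint: str) -> bytes:
    """Windows only: read one certificate's Blob value from HKLM."""
    import winreg  # module exists only on Windows
    path = rf"SOFTWARE\Microsoft\SystemCertificates\{store}\Certificates\{thumbprint}"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _ = winreg.QueryValueEx(key, "Blob")
        return value


# Constructed sample: a minimal DER SEQUENCE { INTEGER 1 } stands in for a certificate.
SAMPLE_CERT_DER = bytes.fromhex("3003020101")
SAMPLE_BLOB = build_cert_blob([
    (CERT_FRIENDLY_NAME_PROP_ID, "Sample\x00".encode("utf-16-le")),
    (CERT_SHA1_HASH_PROP_ID, hashlib.sha1(SAMPLE_CERT_DER).digest()),
    (CERT_CERT_PROP_ID, SAMPLE_CERT_DER),
])

if __name__ == "__main__":
    print(describe_blob(SAMPLE_BLOB))
    print(extract_certificate(SAMPLE_BLOB).hex(), sha1_record_matches(SAMPLE_BLOB))
```

On a real machine, feed the output of `read_blob_from_registry("ROOT", thumbprint)` to `extract_certificate` and write the result to a `.cer` file; the SHA-1 cross-check is a cheap way to notice a record boundary parsed at the wrong offset.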

Statistical Independence and Logarithms

In classical mechanics you want to understand the motion of all constituents of a system in detail. The trajectory of each 'particle' can be calculated from the forces between them and initial positions and velocities. In statistical mechanics you try to work out what can still be said about a system even though - or … Continue reading Statistical Independence and Logarithms

The RSA Algorithm

You want this: Encrypt a message to somebody else - using information that is publicly available. Somebody else should then be able to decrypt the message, using only information they have; nobody else should be able to read this information. The public key cryptography algorithm RSA does achieve this. This article is my way of … Continue reading The RSA Algorithm

Impersonating a Windows Enterprise Admin with a Certificate: Kerberos PKINIT from Linux

This is about a serious misconfiguration of a Windows Public Key Infrastructure integrated with Active Directory: If you can edit certificate templates, you can impersonate the Active Directory Forest's Enterprise Administrator by logging on with a client certificate. You have a persistent credential that will also survive the reset of this admin's password. In the … Continue reading Impersonating a Windows Enterprise Admin with a Certificate: Kerberos PKINIT from Linux

Locating Domain Controllers and Spoofing Active Directory DNS Servers

Last year, hackthebox let me test something I have always found fascinating - and scary: You can impersonate any user in a Windows Active Directory Forest if you have control over the certificate templates of an AD-integrated Windows Public Key Infrastructure: Add extended key usages for smartcard logon to the template, enroll for the certificate, … Continue reading Locating Domain Controllers and Spoofing Active Directory DNS Servers
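The conditions behind the attack sketched in the two ADCS posts above (a template whose enrollee picks the subject, that carries an authentication EKU and that low-privileged principals can enroll for or edit) can be checked from the template object's LDAP attributes. The script below is an added example, not code from the posts: it evaluates `msPKI-Certificate-Name-Flag`, `msPKI-Enrollment-Flag`, `msPKI-RA-Signature` and `pKIExtendedKeyUsage` of template objects under `CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,...`, using the documented flag values and EKU OIDs. It does not talk to AD; the template records and the lists of principals holding Enroll and Write rights are constructed input (real code would read them from the object's security descriptor), and the set of "low-privilege" groups is an assumption for the example.

```python
"""Check AD certificate templates for the two conditions used in the posts:
(a) low-privileged principals can enroll with a self-chosen subject for an
    authentication EKU, without approval or co-signatures;
(b) low-privileged principals can edit the template and add such an EKU.

Added example; attribute names and flag values are from the template schema,
the sample data and the low-privilege group list are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

# msPKI-Certificate-Name-Flag: requester supplies the subject / SAN in the CSR
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
# msPKI-Enrollment-Flag: every request is pended for CA manager approval
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002

# EKUs that let a certificate authenticate a principal (PKINIT / smart card logon)
AUTH_EKUS: Dict[str, str] = {
    "1.3.6.1.5.5.7.3.2": "Client Authentication",
    "1.3.6.1.4.1.311.20.2.2": "Smart Card Logon",
    "1.3.6.1.5.2.3.4": "PKINIT Client Authentication",
    "2.5.29.37.0": "Any Purpose",
}

# Assumption for this example: principals that must never be able to mint logon certs
LOW_PRIV_PRINCIPALS = {"Authenticated Users", "Domain Users", "Domain Computers", "Everyone"}


@dataclass
class Template:
    name: str
    name_flag: int              # msPKI-Certificate-Name-Flag
    enrollment_flag: int        # msPKI-Enrollment-Flag
    ra_signatures: int          # msPKI-RA-Signature (authorized signatures required)
    ekus: List[str]             # pKIExtendedKeyUsage (empty list == no EKU restriction)
    enroll_principals: List[str]  # who holds the Enroll right (constructed, from the ACL)
    write_principals: List[str]   # who can modify the template object (constructed)


def allows_authentication(ekus: List[str]) -> bool:
    """A template with no EKU at all is usable for any purpose, including logon."""
    return not ekus or any(oid in AUTH_EKUS for oid in ekus)


def assess(t: Template) -> List[str]:
    """Return one finding per dangerous condition present on the template."""
    findings = []
    low_enroll = LOW_PRIV_PRINCIPALS & set(t.enroll_principals)
    low_write = LOW_PRIV_PRINCIPALS & set(t.write_principals)
    supplies_subject = bool(t.name_flag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)
    manager_approval = bool(t.enrollment_flag & CT_FLAG_PEND_ALL_REQUESTS)

    if (low_enroll and supplies_subject and not manager_approval
            and t.ra_signatures == 0 and allows_authentication(t.ekus)):
        findings.append(
            f"{t.name}: {sorted(low_enroll)} can enroll with a self-chosen subject "
            f"for an authentication EKU; any UPN, including an Enterprise Admin's, can be requested")
    if low_write:
        findings.append(
            f"{t.name}: {sorted(low_write)} can edit the template and add Smart Card Logon "
            f"or Client Authentication themselves before enrolling")
    return findings


def assess_all(templates: List[Template]) -> Dict[str, List[str]]:
    return {t.name: assess(t) for t in templates if assess(t)}


# Constructed sample templates
SAMPLE_TEMPLATES = [
    # subject built from AD (default User-style name flags), enrollable by users: not flagged
    Template("User", 0xA6000000, 0, 0, ["1.3.6.1.5.5.7.3.2"], ["Domain Users"], ["Domain Admins"]),
    # enrollee supplies subject + client auth + Domain Users can enroll: condition (a)
    Template("VPNUsers", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, 0, 0,
             ["1.3.6.1.5.5.7.3.2"], ["Domain Users"], ["Domain Admins"]),
    # server auth only, so not (a), but Authenticated Users can rewrite it: condition (b)
    Template("WebServer", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, 0, 0,
             ["1.3.6.1.5.5.7.3.1"], ["Domain Computers"], ["Authenticated Users"]),
    # same as VPNUsers but every request is pended for manager approval: not flagged
    Template("Approved", CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT, CT_FLAG_PEND_ALL_REQUESTS, 0,
             ["1.3.6.1.5.5.7.3.2"], ["Domain Users"], ["Domain Admins"]),
]

if __name__ == "__main__":
    for name, findings in assess_all(SAMPLE_TEMPLATES).items():
        for f in findings:
            print(f)
```

The manager-approval and authorized-signature checks matter for the defence: the same template becomes harmless to an attacker holding only a user account once `msPKI-Enrollment-Flag` pends requests or `msPKI-RA-Signature` is non-zero, which is why the logic treats them as gates rather than as separate findings.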