My Last Post on This Domain

OK guys,

I think that it is time for me to publish the last post on this blog using WordPress as a domain. As you probably already know, GitHub is my favorite company and I have decided to switch my blog to a completely new domain.

I have published a couple of posts exclusively on the new domain and backed up every post from this domain to my new address (with one exception, but I’m working on it). I feel confident now to make the switch and I started to feel really comfortable using GitHub + Jekyll as a blogging platform, so I’ve decided to drop by and say goodbye to my old domain.

From now on, you can follow me on r3bl.github.io. Be sure to use the http version of the site because the https version is currently not properly implemented in the code. If you run into some issue while browsing the site or you miss a feature that I had implemented on this domain, feel free to report it here.

As always, you’re more than welcome to contact me anytime on aleksandar.todorovic@mail.ru. I hope that you’ll continue to read me on my new address.

Sincerely,
Aleksandar Todorović

CodeCombat – The Most Fun Way To Learn New Programming Language

If you ever programmed in your life, you’ve probably realized that the process of learning a new programming language can become quite a boring thing to do. You already know how to program in X programming language, but you need to learn the syntax of Y language for yourself / for some new project / for some job you want to get? Well, believe it or not, there is a fun way to do that.

I was never a huge fan of video games, but I did like to play a game or two once every few days. I haven’t played a single game for months now. I consider playing games as a huge procrastination. One of the main reasons I switched to Linux (almost completely now) is because I wanted to be more productive, and one of the ways to be more productive is to limit your access to the things that make you procrastinate*.

But there’s a certain game that got my attention. It’s called CodeCombat and the point of playing this game is to teach you the syntax of a programming language in a very fun way. It’s an open source project (and if you’ve been reading my blog you know how much I am obsessed with everything related to open source) and the game is not limited to one specific programming language. You can select which programming language you want to use. My choice for a new programming language was JavaScript. This is a pretty well done browser game, so you can start playing the game no matter what platform you’re currently using.

Now I’m not in any way suggesting that this is the best way to learn some programming language, but it pretty much is the most fun way of doing that. So, if you like playing computer games, but you think that you’re wasting your time by playing them instead of learning something, this game is pretty much the best of both worlds.

* DISCLAIMER: I’m not saying that gaming on Linux is not possible. I’m a huge fan of the way Linux gaming has been advancing in the last year or two. I’m just having a huge self-control over it.

Are Good Music Producers Also Good Psychologists? [experiment]

NOTE: This article is not limited to any one music genre; I recommend that all readers read it regardless of what they listen to.

In the previously published post I already announced my newest paper on whether music can influence a person’s behavior. About 10 days ago I started working on it, and I am still in the phase of writing drafts and looking for quality literature so that I can do the paper properly.

However, during my search for material, I came across an interesting tweet claiming that a good music producer is also a good psychologist. I didn’t understand it, so I decided to read the article the tweet refers to. That led me to this article, which explains what exactly a music producer is. The article mentions that statement only a few times, without a detailed explanation of how exactly music producers affect people’s psyche, a topic I explain in my paper.

To just scratch the surface of that, I decided to study the topic a little in the form of this post, purely to intrigue your imagination.

So, a good music producer is also a good psychologist. That is a statement I stand behind. I will try to briefly explain why.

All of us have, during our lives, heard at least one song in which the lyricist hit one of our sore spots and made us feel a certain way we had felt before. However, much less attention is paid to music producers, the people who fit the music together with the lyrics and express their emotions through it. Why that is so, I currently cannot say with certainty. The only reason that comes to mind is that we have to surrender completely to the music itself for it to stir that something in us, while the same is not true of song lyrics.

That is why I want to do an experiment. I challenge you to listen to the following songs on somewhat better sound equipment (be it headphones, somewhat better speakers or something else). So the only thing that is out of the question is listening through a phone, laptop speakers or one-euro headphones. I will describe exactly how the song will make you feel, and you feel free to contact me and tell me whether I was wrong or not. Listen to the song with your eyes closed; after the song ends, read the text in which I described exactly how you will feel while listening to the song and make a comparison. I guarantee that the opinions will match in at least three out of five cases.

First song: Netsky – Lost In This World

You may not have liked the genre of this song itself, but you felt uneasy while listening to it. A person you once had, but lost, passed through your thoughts. You thought about them, you felt nervous, and a certain amount of anger started to build up inside you.

Second song: The xx – Intro

Unlike the first experiment, this song did not touch your emotions in a negative sense. In fact, it did not touch them in a good sense either. All you felt was a sense of relaxation, and all problems disappeared for those few minutes.

Third song: Blackmill feat. Veela – Life

This song made you feel happy. You felt as if you were on a beach, the warm sun was warming you, and you felt carefree. In your head you had the feeling that all problems had gradually disappeared, and by the end of the song you felt as if you had just lived through one of the most beautiful moments of your life.

Fourth song: Noisia – Tommy’s Theme

You felt dirty. You imagined yourself in some post-apocalyptic situation in which the whole world has been destroyed by human stupidity. All the anger in you kicked in at that moment.

Fifth (and last) song: Porter Robinson – Unison

This is a very special song on the list because it awakens not one feeling in listeners, but several. At the very beginning you didn’t know what to expect or how to feel. When that part of the song ended and the second began, you felt relaxed, every note suited you, even that one single note that, for that one moment, you thought was played wrong. However, to your surprise, the song started to lift you up, to make you feel alive. And that is where the second part of the song ended. In the third part of the song you felt the way you imagine you would feel if you ever tried some drug. This whole process then repeated once more.

If the article has intrigued you, I invite you to get in touch and share the results of this experiment with me. You can reach me in several ways: by e-mail, using Facebook, Twitter, or by commenting directly below the article using your WordPress account.

LiBRE! 28 – Free Software and the Internet of Things (Part 1)

The new, 28th issue of LiBRE! magazine is out. In this issue you can read the first part of the topic Free Software and the Internet of Things, which I am covering on behalf of the LiBRE! team.

In the first part I asked whether we can count on the software giants to bring free software into the Internet of Things. In addition, I gave an introduction to how exactly smart devices work, and thereby set up the second part of the article, in which I will cover the Spark project, which I singled out as the most interesting Internet of Things project that focuses entirely on free technologies in its business model.

If you don’t want to download the whole issue to read the text, you can also get the text from the dedicated section of my website.

Besides continuing to work on this topic, my first more serious independent publication is also in the works, in which I deal with a completely different topic, the influence of music on a person’s behavior. This is the first topic I am covering in my goal of mastering the understanding of human behavior and the ways in which human behavior can be modified for personal gain (the concept of social engineering). When the paper is finished, I will return to regular blogging.

Papers We Love

If you’re like me, the chances are you like learning new things. If you’re like me, then you love computer science. I have a big passion to learn as much as I can about computers. Because it’s kind of a huge subject and no human could ever learn everything about computers, I had to decide which subject I should focus on. The choice was not that hard for me and I’ve decided relatively easily that my subject of choice is cyber security. I care about privacy and man do I love breaking things!

So, what I want to present today is a Git repository. Inside that repository, you’ll find a lot of computer science related academic papers uploaded by people like you and me. The point of this repository is to create a high quality source for papers, and those 50 contributors are doing one hell of a job doing that. It’s the little projects like this that make me happy. When people unite and do something awesome together. I’m even happier because this is the first use of git I found useful that is not related to any programming language.

So, if you do have some spare time, some research papers stored on your local drive and a wish to give back to the community, I will ask you to visit the Papers We Love repository, fork it and upload the shit out of good quality papers to it! I know I will. Especially because I saw that the security section is pretty empty for now.

Sensitive Data Grabber Project

So, what I want to present to you today is a project I’m currently working on. What I’m doing is I’m creating a program that will collect all of the sensitive data from the victim’s computer and save it on a thumb drive. The program is currently being written as a form application using Microsoft’s Visual Basic and .NET framework 4.5. After I finish the beta version, I’m planning on re-writing the program so it will be a console application and it will work with some older .NET framework (I’m not yet sure which .NET framework I will support for now).

Now, what I want to do is to tell you what this program actually does for now and what I’m planning on implementing.

First of all, the program will collect some basic data about the victim’s computer. That data includes information like OS version, number of processors, RAM available, username in use, domain name, machine name and similar.

After that, the program will check if you have installed applications that are currently supported. Here is the list:

  1. Evernote
  2. Google Chrome
  3. Microsoft OneNote
  4. Mozilla Firefox
  5. Mozilla Thunderbird
  6. Pidgin
  7. Steam
  8. World of Tanks

The next stop: copying some data! Here’s the list of applications and a current list of sensitive data it will copy:

  1. Evernote – file containing victim’s current username, email associated with that username and a copy of victim’s current database (implementing it right now).
  2. Google Chrome – files containing bookmarks, cookies, history, login data and web data.
  3. Microsoft OneNote – the copy of all of the victim’s notebooks.
  4. Mozilla Firefox – files containing cookies, addons, form history and downloads history.
  5. Mozilla Thunderbird – files containing addons, address book and cookies (planning to support copying all of the emails if a victim uses POP3 instead of IMAP).
  6. Pidgin – file containing all of the victim’s usernames and passwords in clear text and a directory where the victim’s logs are saved.
  7. Steam – configuration file containing a list of all users ever connected on that PC and some decryption keys (not sure what those are for, but I will find out).
  8. World of Tanks – file containing all of your preferences and a folder containing your latest battle results.

So, the program will automatically locate your removable drive and store all of those files in it.

The point of doing that program is to prove that a lot of pretty sensitive data is easily accessible to someone who has physical access to your Windows machine. Combine those two and the victim gets pwned big time. The program is currently in pre-alpha stage and I don’t recommend anyone using it for now, but if anyone wants to look at the code for now, you can do that here. Once it’s finished, it will be open source (licensed under GPL) and everyone will be able to add programs to the compatibility list.

Notes on Build Your Own Cyber Lab at Home Course

Recently I finished a free course offered by Cyber Security School Online on Udemy called Build Your Own Cyber Lab from Home.

What I want to do now is to share the notes I’ve written while taking the course. The courses are divided into a couple of categories and they’re written for my current knowledge and situation, but I hope that there will be a person out there that will find them useful.

Here are the links to .odt version and .pdf version.

Flashback: My First Steps in Hacking

I was always a curious guy. I was always wondering how some things work, but I just didn’t know how to find out about it. I, at the time, followed Discovery Channel, Viasat Explorer and other scientific shows because I wanted to know more. I would write down everything I thought was fun to learn in my little notebook as a reference if I needed to learn more about that. I didn’t prepare for doing something like that. That’s why my notes were messy and I couldn’t do anything about it. And of course, at the time, I did not have a computer or internet or smartphone or anything like that.

So, years later, I finally got an internet connection! I was 16 years old back then. Yup, I lived 16 years without the internet and I can’t be happier about it. I had a nice childhood. Anyway, when I finally got access to the internet, I did spend two years doing nothing and exploring the power of the internet. I used Facebook a lot, used Skype, YouTube, and basically got an account on every social site ever. I was a senior in high school when I learned a thing or two about computers. I had already mastered Pascal and Delphi, I knew some networking basics and I knew a lot about building my own desktop computer. But in my senior year, I was learning object-oriented programming. And while I was learning Visual Basic (6.0 was the version my school decided to teach), I needed to do my final exam using Visual Basic, some basic printing app that would connect to a MySQL database my friend was doing and print stuff from it on specifically designed pieces of paper.

I didn’t want to do it in Visual Basic 6.0. That version was sooo old! And I needed some support looking things up on the internet! So I decided I should download Visual Studio 2012. And I did. And I learned programming in Visual Basic that’s four or five versions more advanced than the version they taught us in school. I felt so proud!

In the end, I didn’t manage to finish the whole final exam. The app was full of bugs and I didn’t like it. While I was presenting my final work to a couple of my teachers I managed to socially engineer them (at the time, I had no idea what social engineering is exactly, but still managed to pull it off) and I got the highest grade without ever actually running my program! Damn that felt so good.

After that, my high school was finished and I had some spare months until my college began. I started being curious. I wanted to know what that s represents in https. So I started learning, and learning. I did DDoS a couple of websites, did some automated SQL injection using Havij, accessed some admin panels using passwords I extracted using Havij and that was pretty much the whole scope of my hacking back then.