Analysis of TimeLock and Vulnerability Writeup

I have something exciting to share today: my first bug bounty! Hopefully the start of something great. It even came with a generous reward, in my favourite cryptocurrency, Bitcoin.

I was browsing Reddit as you do, and came across this post on r/bitcoin.

u/cryptocomicon has developed some encryption software which can be used to safely store secrets and release them to the world sometime in the future. The software can encrypt and store arbitrary files, and release them to trusted third parties when you are no longer around. Sounds good for passing on cryptocurrency wallets and passwords.

u/cryptocomicon issued a challenge:

“I’m so confident in this technology that I’ve created a challenge LockBox file which holds the private key to an address with 0.02 BTC.

Please give it a try.”

Challenge accepted.

New Beginnings

 _   _      _ _        __        __         _     _ _ 
| | | | ___| | | ___   \ \      / /__  _ __| | __| | |
| |_| |/ _ \ | |/ _ \   \ \ /\ / / _ \| '__| |/ _` | |
|  _  |  __/ | | (_) |   \ V  V / (_) | |  | | (_| |_|
|_| |_|\___|_|_|\___/     \_/\_/ \___/|_|  |_|\__,_(_)
                                                      

Welcome to my blog. This has been a long time coming, but as with everything in life, nothing actually gets accomplished until you sit down, free from distractions and get to work.

I have always been interested in security. It's one of the primary reasons why I did a Computer Science degree at University.

A few years ago, when I was a second year, I decided to get serious about security, and I bought a collection of books, since security is very much a self-taught field.

I started making my way through them, starting with Practical Malware Analysis, until University started demanding literally every minute of life dedicated to study in order to keep my grades up.

So, I put my books away for a few years.

My passion for security never stopped though. I kept going to Kiwicon, New Zealand's hacker conference.

I got through my Honours degree, writing a thesis on Automatic Exploit Generation for Embedded Systems, which used symbolic execution to find some trivial buffer overflows and automatically output a basic proof of concept exploit.

From there I was a little lost in life, so I started a PhD.

During that time, I created my startup, Dapper Linux, a high-security operating system designed with concepts such as multi-level security, defence in depth, etc. It features a grsec kernel and flatpak sandboxed applications.

I’m coming to the end of my PhD now, and since Dapper Linux has not really taken off as much as I expected it to, I have come full circle back to my original passion: security.

It’s time to read my books and make a career out of infosec.

This blog will cover this journey and will contain writeups of problems mentioned in books, CTF competitions and other challenges out there on the internet.

I hope you find the posts interesting.

Matthew.