I’m Ted “Tedsig42” Regis Kouhouenou, a young cybersecurity enthusiast, CTF player, music lover, drawer. I spend any of my free time on Web Security Research. I also make contributions to open source projects like Exegol, The Hacker Recipes and PayloadsAllTheThings. I play CTF and collaborate with the @TheBugsReapers Vulnerability Researcher / Bug Hunter team. I strive to provide as much information as I can about what I have learned on my blog tedsig42.re, which encompasses CTF writeups, research projects, and more.
Once we know where we are, then the world becomes as narrow as a map. When we don’t know, the world feels unlimited.
Liu Cixin, The Dark Forest
Introduction
Attack surface (the potential entry points for exploiting a vulnerability) often grows with the complexity of software. Vulnerabilities are bound to be introduced, as developers’ capacity to properly secure these features is limited and mistakes are inevitable when dealing with millions of lines of code. Minor issues can be chained together into far more serious vulnerabilities.
Life is not like water. Things in life don’t necessarily flow over the shortest possible route
Haruki Murakami - 1Q84
Taint analysis (or source and sink analysis) is the analysis of the flow of input through a program from sources to sinks.
It relies on a simple idea: a large number of vulnerabilities occur because attacker-controlled input (the source) flows to a dangerous function (the sink).
If the input modifies other variables along the way, these variables become “tainted” and are included in the analysis.
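A minimal illustration of the source-to-sink idea described above, added here as an example and not taken from the original post or the book: a Python `ast` walker that propagates taint through assignments in straight-line code. The `SOURCES`/`SINKS` sets, the function names and the sample program are assumptions made for the example; sanitizers, branches and function calls are not modelled.

```python
import ast

# Assumed for this example: which calls count as sources and sinks.
SOURCES = {"input"}
SINKS = {"os.system", "eval", "subprocess.run"}

def call_name(node):
    """Return a dotted name for a call target, e.g. 'os.system'."""
    f, parts = node.func, []
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))

def is_tainted(expr, tainted):
    """Tainted if the expression reads a tainted variable or calls a source."""
    return any(
        (isinstance(n, ast.Name) and n.id in tainted)
        or (isinstance(n, ast.Call) and call_name(n) in SOURCES)
        for n in ast.walk(expr))

def find_flows(code):
    """Return (line, sink) pairs where tainted data reaches a sink."""
    tainted, findings = set(), []
    for stmt in ast.parse(code).body:  # top-level statements, in order
        for n in ast.walk(stmt):
            if isinstance(n, ast.Call) and call_name(n) in SINKS:
                if any(is_tainted(a, tainted) for a in n.args):
                    findings.append((n.lineno, call_name(n)))
        if isinstance(stmt, ast.Assign):
            names = [t.id for t in stmt.targets if isinstance(t, ast.Name)]
            if is_tainted(stmt.value, tainted):
                tainted.update(names)  # taint spreads to the assigned variable
            else:
                tainted.difference_update(names)  # overwritten with clean data
    return findings

# Constructed sample program: it is only parsed here, never executed.
SAMPLE = '''\
import os
host = input("host: ")
cmd = "ping -c 1 " + host
os.system(cmd)
host = "127.0.0.1"
os.system("ping " + host)
'''
```

`find_flows(SAMPLE)` reports only the call on line 4: `cmd` inherited taint from `host`, while the final call is clean because `host` was overwritten with a constant first.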
Hi everyone, this is the first series of my notes and my recap of the awesome/incredible book From Day Zero to Zero Day, written by Eugene “Spaceraccoon” Lim, a security researcher and white-hat hacker.
He learned rapidly because his first training was in how to learn. - Frank Herbert, Dune.
With the number of discovered and exploited zero days constantly growing, vulnerability research, or the process of analyzing systems
for new vulnerabilities, has assumed a critical role in cybersecurity.