I just wanted to share some updates here on my website! :)
I've started a new CTF-style project based on real security challenges found in the wild. Check out Real Sec CTF! If you have any examples of problematic security solutions you've found in the wild I'd be happy to add it!
I've also started a section on reversing PHP malware where I take a closer look at PHP malware and try to figure out what they are doing and if they can be exploited! If you have any interesting malware you want analyzed I'd be happy to check them out!
I've been working hard on improving the security here. Mostly trying to make everything work with quite a strict Content Security Policy. I think the current one is quite good!
You can read more about the proposed security.txt standard here: https://securitytxt.org/.
This is probably not something I'd recommend due to compatibility but beneri.se is now only served over TLS 1.3 for maximum security! I use the modern setting on Mozilla SSL Configuration Generator (awesome tool!).
I'm big fan of the Tor Project and as such I thought it would be cool to setup my own hidden service!
You can now find this website on the Tor network! http://beneri62jxxpjfaohxiftlxkqjvvbmsbhuxxe4jhoyxna3emfukcdyid.onion/
Of course it's not that hidden since it's on the same server and has my name everywhere, but still, pretty neat in my opinion.
No updates here from my side but I wanted to highlight that a 5-year-old highly contested record has been broken, twice! On 2020-08-31 itiv422 managed to beat Jiyong Youn(HLETRD)'s old MD5-MIN record from 2016! This record was again surpassed by 0x69BE027C97 last month! (2021-01-18).
I'm trying to find a universal hash "score" that would allow comparisons between different modes, e.g. is MD5-MIN with 10 leading zeros more difficult than a MD5-POPCOUNT-MIN of 20? I think something like
1 - #better_hashes / #total_hashes would be fair. Any ideas here would be greatly appreciated!