Florent Daignière's blog

  • Application firewalling with netfilter (part 2)

    26 Jul, 2015

    Last time we looked into how to do application firewalling with netfilter and came up with an answer whose dependencies aren't shipped by mainstream distributions just yet. Today we will find another way of doing the same thing with the tools everyone has.

    # install dependencies
    sudo apt-get install sudo …
  • Application firewalling with netfilter

    23 Jul, 2015

    Today I stumbled upon a post from my friend Feth, asking whether allowing only Firefox to access the internet was possible on Linux... Of course it is! Here's one of the many ways:

    # setup the firewall
    sudo iptables -F OUTPUT
    sudo iptables -P OUTPUT REJECT
    sudo iptables -A OUTPUT -m …
  • Disabling connection tracking on bridge interfaces created by libvirt

    22 Jul, 2015

    Today I got bitten by a problem I've already encountered in the past... and as I didn't document it properly, I had to google it again! Let this blog entry be a more permanent documentation than the previous one.

    Early in the morning, the supervision system started alerting me …

  • Netflix ultimate geolocation bypass with an EdgeRouter

    05 Jan, 2015

    It looks like Netflix has updated their geolocation code... attempting to prevent their users from watching content intended for other regions. This post explores a few technical avenues one might consider to bypass it.

    Googling around, it becomes increasingly clear that many people are making a living out of selling …

  • CVE-2014-1409 or the sad tale of an XPath injection affecting MobileIron products

    23 Jun, 2014

    Following up on my last post about XPath injections, I will document part of the process we went through to exploit CVE-2014-1409 and hopefully convince a few that this category of bugs is no joke and should be looked for during pentests.

    So, what about it? Well, let me tell …
