Post-Mortem: Trollcave

This is a post-mortem of my Trollcave vulnerable VM. As it goes into implementation details of the different components and their vulnerabilities, it can be considered a comprehensive spoiler. If you’re going to complete the VM, do so before reading this. By the period between its inception and release, Trollcave was the labour of two years and a bit. But in terms of when I actually worked on it, it was the labour of about three weeks. Over the first week following its initial commit, I coded in a mad frenzy. Then...

Walkthrough: Trollcave

Now that a couple of people have finished my vulnerable VM Trollcave (and let me know), it’s time to release the official walkthrough. OhExFortyOne and LutusHacks have also released walkthroughs, so check those out too for a couple of different takes on the box. There are a few different ways to approach this VM and successfully root it, but the compromise path I built it around looks like this: In addition to this path, there’s...

Going fourth

It’s time for another retrospective post – the fourth one. The number four has some fun associations: it is an unlucky number in China, the number of horsemen of the apocalypse, and – as 0x04 – it is also the ASCII character for “End of Transmission”. All that made it very difficult to title this post in a way that didn’t make it seem like I was ending the blog, so you’ll have to forgive me for the rather weak pun I...

Spotify vs Google Music

Spotify recently launched in South Africa, so I decided to try it out. I’ve been reasonably happy with Google Music up until this point, but with Spotify being the music streaming service, I felt it was worth seeing if I’d been missing out or not. So I signed up for the 30-day premium trial and made some comparisons to Google Music, culminating in this post. Spotify’s intended experience is clearly through the desktop application, of which versions exist for Windows, Mac and Linux. There’s also a...

The project wizard

Here’s something I find software increasingly doing that irritates me a little bit: the startup project wizard. For an example, just look at modern programming IDEs like PyCharm, RAD gamedev tools like Unity and GameMaker Studio, and even newer versions of the pentesting-focused HTTP proxy tool Burp Suite. Open any of these programs and you’ll be greeted by a project wizard. Before you can actually use the program to do any programming/gamedev/traffic interception/etc, you have to go through a bunch of menus to create a new project with...