The state of RPKI Deployment in Greece

Published on February 25, 2019

A report on the state of RPKI deployment from Greek networks, conducted February 2019, including the top ASNs in Greece.

Not everyone works for you

Published on March 7, 2017

A blog post on how some companies and people get confused and act like everyone works for them.

"Security" companies and abuse e-mails

Published on February 7, 2017

A post on how some so called "security" companies cause much more trouble that it's worth mostly due to ignorance on their part.

Debian Firewall when using Docker

Published on January 2, 2017

This post is a tutorial / guide on how to run a firewall on Debian or Ubuntu easily, even if you use Docker.

Guarding your Tor Exit's DNS

Published on October 4, 2016

An attack was published against Tor users that deanonymized them based on DNS. Here we see how Exit Operators can protect the users from these attacks.

Running a Tor Exit Node for fun and e-mails

Published on September 2, 2016

In this blog post, I go over the experiences I had running a Tor Exit Node for about 8 months.

Capturing flags in Thessaloniki

Published on August 26, 2016

A blog post on how a small group of people organized an educational event with a Capture the Flag contest in AUTh. The story and what I learned.

Setting up EdgeMAX Devices for OTE IPv6

Published on July 7, 2016

A guide on how to set up Ubiquiti EdgeMAX EdgeRouter as a PPPoE client with IPv4 and IPv6. The guide uses OTE as an example.

Get eBay Users' Personal Info for free!

Published on July 7, 2016

In this blog post I describe how an attacker got my personal information just by using eBay. It is based on a real story and should not be used as a guide.

In Transparency, Size Matters

Published on June 23, 2016

Certificate Transparency is a project started by Google in order to allow anyone to verify the practices of all Certificate Authorities. In this post, we take a look.

A Secure Week

Published on June 21, 2016

I challenged myself to spend a week without access to any HTTP website, in order to determine whether the web is HTTPS yet.

The callback

Published on March 15, 2016

A story about the current situation in Greece in terms of phone carriers and some truth about Vodafone's "Call Back" feature.

Now on Tor!

Published on January 7, 2016

A blog post about Tor Hidden Services and the announcement of the Official DaKnObNET Hidden Services, which allow visitors to access my websites over the Tor Network, in the form of Hidden Services.

Grab some popcorn and launch Popcorn Time

Published on August 2, 2015

I examine the security of the popular movie and TV series piracy application "Popcorn Time", and find multiple critical vulnerabilities that range from application code execution, all the way to remote code execution, for a full computer compromization, by executing arbitrary shell commands.

Password Managers and Security Questions

Published on July 24, 2015

In this blog post I talk about password managers, and how security questions can actually reduce your security. All this, over a nice, real life story I had with a customer service representative, who didn't like my first school's name, DzLCMpeyuAhAT>RgTuvJPna2s3K)8dUM^V$(QUNu#omuByCvJ8.

e-Voting: Math vs. Implementation

Published on July 9, 2015

In this blog post I go over the vast gap between math and implementation (software code) in terms of security, by examining the case of online voting. In addition, as an example, I am disclosing some security vulnerabilities found in an online voting software.

The Best HTTPS Configuration

Published on June 22, 2015

In this blog post I attempt to examine what is the current best TLS configuration for your web (or not) server, and why answering this question is really not that simple.

Chrome, Chromium, and Certificate Caching

Published on June 18, 2015

This blog post contains a bug I found in Google Chrome and the Chromium browser in which the software failed to update the GUI of which certificate is used, therefore showing the previous certificate to the user, even in cases where the certificate has actually changed in the server.

Physical Security - Bad Design Practices

Published on June 18, 2015

During a store visit, I discovered a secure lock that used an RFID access card to limit access. But there was a way to easily bypass it.

Authentication In File Uploader

Published on June 17, 2015

Learning some basic PHP Web Application Security by following an actual example of a file uploading script I wrote for my University.