Links

Here are some of my favorite links on the web. Hopefully as time goes on this listing will grow to massive proportions. For now though, patience. If you know where a banner-button for one of these links is, please let me know so this page will get pretty.

If anyone would like to link to this site, I made this little banner-button just for you:





Programming

- I used to compete in these online programming contests; it's a good time. The idea is that you are presented with a challenge and must code a working solution to it faster than anyone else. I'm not sure what languages are available now, but I recall C++, Java, C#, and Visual Basic (all compiled on the TopCoder servers; code written in a Java app). If you are a programmer, I definitely recommend checking this one out.


Hardware

- This blog is not specifically dedicated to hardware, but it does include a lot of hardware hacking stuff. Even if you're not really into this whole hacking thing, this is a cool site that showcases some of the creative things folks have done with technology.

- Homepage of Joe Grand (Kingpin): the fellow that creates all of those cool badges for DefCon. Joe, a former member of the L0pht, also contributed his expertise as an electrical engineer to the Discovery Channel's show "Prototype This!". Check out the Portfolio to see some of his cool electronics projects.



Cryptology

Side Channel Cryptanalysis Lounge - This is a massive collection of links to papers on side-channel attacks. This is a category of outside-the-box cryptographic attacks that use additional information (beyond input and output data) to break ciphers. These attacks tend to be based more in the real world than the usual academic/theoretical methods. Examples of information used to conduct side-channel cryptanalysis include power analysis, timing attacks, EM-emanation, cache exploitation, and more...

A Self-Study Course in Block-Cipher Cryptanalysis - The legendary cryptographer/security expert wrote this paper to provide beginners with a timeline for learning. The bulk consists of the names of other papers (or chapters in them) to look up and read. In addition to this page, I recommend Christopher Swenson's book "Modern Cryptanalysis" for learning the basics of this relatively obscure field.


Computer Security

DefCon 15 Talks - This is an awesome resource for videos of the lectures given at DefCon 15. Every one of them is included here, described, and linked (streamed through Google Video). Talks like these are a great way to learn; find a few that look interesting and give them a watch.

Avondale Blackhat/DefCon Archive - These files used to be hosted on Easynews but had to be moved due to space concerns. There are a ton of talks from various security conferences here; some video and some audio.

- Provide several wargame servers of varying difficulties. Wargames are servers that have been set up with various user accounts (with different privilege levels). The purpose of these servers is to allow interested folks to practice hacking legally. Each level of access (starting from level0) will have one or more vulnerable applications or services that, if exploited properly, lead to access to the next account level. Wargames are a lot of fun and you can learn tons working through the levels.

OverTheWire - Another wargame similar to SmashTheStack. I haven't played this one since back when it was called PullThePlug (made it pretty far in vortex then). I remember this one being harder than SmashTheStack. If you want to learn about exploit development, this style of wargame is awesome.


Reverse Engineering

- Excellent resource for tutorials about reverse engineering software. As is typical, the emphasis here is on software protection systems and their compromise. One series stands out among the rest: Lena's Reversing for Newbies - This is a series of Flash video guides that is very well-written and includes the target applications. If you want to start from scratch, download a few of these.

- This site contains a large collection of "CrackMes". A crackme is a stripped-down piece of non-commercial software that demonstrates a protection scheme (serial required, trial period, crippled functionality, nag screens, etc.). They are designed to be cracked/defeated for the purposes of sport and/or learning. The sophistication/difficulty ranges from trivial to far better than is seen in commercial software. The site also has written-up solutions to these crackmes submitted by members that have defeated them.


Lockpicking

- This is pretty much the central hub of the locksport community. I frequent this site a lot and consider it to be one of my favorites. There is a separation of material into public and advanced, of which access to the advanced forums requires some time and posts on the public forums. Although I do not entirely agree with the types of information that are restricted in this manner, I do support this idea. The advanced forums are a good place to have focused discussion about new techniques and tools that may have a particularly negative effect on the public if released. LP101 is also, unfortunately, operated somewhat as a business. This has led to some censorship and controversy. That said, it is still the best forum on the net about locks and the community is wonderful. Another related part of LP101 is their IRC channel. I frequent it pretty much every day as jkthecjer and I welcome you all to join us. I find that much of the cutting edge stuff hits IRC before it hits the websites and forums. The channel is #lp101 on Slashnet.

- Another newish forum that seems to have been formed after EZPicking went down. It is also the home to most of the talented "YouTube pickers". It has been growing quickly and now has a well-established following. Contests are run there with some regularity.

- Lockpickology is a much newer forum that is something of a middle ground between LP101 and the now-dead EZPicking. The content is separated in a similar manner as Lockpicking101, but the application process for the private area is quite different. Access is given by making yourself known to be trustworthy on the other forums and in the community. This may seem to invite a good-ole-boys club mentality, but the reality is that it's not the case. One of the advantages of Lockpickology is that it is not run as a business for ad revenue. The politics present in the other forums is not really an issue there. The admins are also very open to new ideas about how the forum should run. One example of this was the creation of an entirely separate sub-forum for discussing NDE magazine and its articles. I hope to see this forum grow in the future and intend to get off my ass to help make that happen.

- NDE stands for Non-Destructive Entry and it is a free web magazine entirely devoted to lockpicking and even more so the culture surrounding the locksport community. It is currently managed and edited by Schuyler Towne and has a small team of staff and regular contributors. The magazine is very open and if you write a nice article for submission, there is a very good chance it will be accepted. I have been somewhat involved since the beginning and released my 3D lockpicking game through them with Issue #1. When NDE got started back up, I coordinated with them to publicly release my Medecoder tool. Check out Issue #3 for their coverage of the background of the tool and then Issue #4 for the actual information about how it works. It should also be noted that the magazine has a very slick professional look to it and we should expect new issues roughly quarterly.

- The Open Organization of Lockpickers is a Dutch organization that is a big driving force in the community. It is headed up by Barry Wels and is home to some of the best pickers in the world. One of the big attractions of their website is the grouping of PDF papers written by Han Fey. These really are excellent references with beautiful photos of some of our favorite locks. Although the site doesn't update very often, these papers alone and the possibility that new ones will be released make coming back a good idea.

- This is the web blog of Barry Wels. It is frequently updated (typically once per week) and contains some of the best emerging lock information out there. He also covers some other areas of security (like voting machines). I strongly recommend browsing through the archives of this blog; there are some really good entries buried in there.

- This is the web blog of Marc Weber Tobias. Although the updates do not occur very often, they are usually worth waiting for. Marc is a lawyer and security researcher with strong ties to the lockpicking community. He has exposed vulnerabilities in many locks and published this information to the public as a way to force manufacturers to take action. This approach is not always effective, but it is a possible route to increased security. His book and multimedia collection, known as LSS and LSS+ respectively, is referred to as "The Bible" in the locksport world. His most recent target has been Medeco. He has attacked, among other things, their resistance to destructive entry, key control, and code books. He was also very influential in informing the public of bumping during that time.

Deviant Ollam's Lockpicking Talk - Deviant has been a fixture in the lockpicking world for quite some time now. He also gives the best presentations about picking that I've ever seen. He is very familiar with the subject-matter and makes the topic really fun. The talk also hits on almost every aspect of lock security and really shows the diversity of this hobby. This is a video of his talk with Renderman; the first 15 seconds or so of the video is black, but the picture comes in after that (I promise).

LockpickingForensics.com - Datagram's unique site dedicated to forensic locksmithing. Here you'll see lots of photos and explanations of the marks left by various lock manipulation methods and tools. There doesn't seem to be anywhere else on the web that has this kind of information. I was pretty tickled when I saw his image of the tool marks left by a Medecoder-style tool.

N2oah's Lock Collection - This page has pictures and explanations of some really interesting and rare locks. There is also some discussion of the picking and bypass possibilities. This should be required reading for anyone interested in this stuff.

Locks and Security - Matt Blaze's small collection of great photographs and explanations of locks and picking. Also featured here is the Michaud Mul-t-Lock overlifting attack as well as a vulnerability in master-keyed systems discovered by Matt.

Locks and Picks - This is a photo collection taken by lock picker and photographer Eric Schmiedl. These pages feature some of the best photographs of the most interesting locks and tools out there. I cannot recommend this page enough. Many of the locks there are from Han Fey's collection and some of them do not exist anywhere else.

Making the Cut Gallery - This is a gallery of photographs made by a fellow named Mitch Capper. The focus of the gallery is images of cutaway models (both factory and homemade) of various locks. The photos are excellent and pretty much any angle you'd like is displayed. This allows you to really understand how these cylinders work.