Resources | Xavier de Carné de Carnavalet

Tutorials and write-ups

My personal blog about solving convoluted problems, tutorials, write-ups & thoughts on security.
Tutorial to reproduce TrueCrypt (and by extension VeraCrypt) builds to ensure binaries match the sources.
Windows 7/8/10 admin account installation password stored in the clear in LSA Secrets. Report, Bugtraq (July 11, 2013).

Solidity contracts for Poly-X-DeFi-NFT and the random NFT distribution are in this GitHub repo.
LaTeX Master's/PhD thesis template for Concordia's Gina Cody School of Engineering and Computer Science.
Test added in badssl.com for the Root Agency dummy CA trusted by Net Nanny and Untangle NG Firewall (Nov. 28, 2018).

Divide mount and boot times by 2 using a pre-computation of values used in HMAC calculation in VeraCrypt. Optimization reflection, acknowledgement, commit by the maintainer (Jan. 14, 2016)

Weakness in a commercial password generator (details TBA) reducing entropy to 39 bits
30+59 vulnerabilities in 40 home routers (14+2 CVEs and equivalent), credits to my PhD student Junjian Ye, lists here and here, details in this paper and that paper.
Numerous vulnerabilities in 10 antivirus and 4 parental control apps, ranging from product-wide pre-generated or weak root certificates, lack of server certificate validation or signature checking, CRIME, BEAST, FREAK, Logjam, insecure renegotiation, and weak ciphersuites. No CVEs (youthful indiscretion), details in the paper.