Creating software entirely from scratch is impractical today. Every component, library, and tool we use in software development relies on open source libraries and compilers. In his talk "Reflections on Trusting Trust," Ken Thompson brilliantly demonstrates that "You cannot trust code that you did not totally create yourself." I find the method of proving this assertion absolutely fascinating. It may be one of the boldest and most thought-provoking ideas in cybersecurity history. In this article, I revisit Thompson's famous proof of distrust, 40 years later.
This article delves into symmetric and asymmetric encryption as the building blocks of Public Key Infrastructure (PKI). It describes how PKI safeguards the authenticity and confidentiality of digital communications across the internet.
Hardening the software supply chain is a critical challenge for modern software companies.
The Zip Slip vulnerability is exploited using a specially crafted archive that contains directory traversal filenames. I prepared an exploit and explain how it works.