Gianni Tedesco
This is the web page for Gianni Tedesco <gianni at scaramanga
dot co dot uk>. By accessing this website, you are agreeing to the terms
of the secret agreement. Refusing these terms indicates acceptance of terms.
I accept communications encrypted with my
public GPG Key (ID: 8646BE7D), however it's all
rather pointless.
key fingerprint: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
There is a new server
status page but you can still get the old one at
status.html. You can also find a directory full
of miscellaneous crap to play with.
Free Software I Have Written
With free software you have freedom!
- Firestorm Network Intrusion Detection System
- A high performance modular network intrusion detection system.
- PCI Host Proxy Support for QEMU
- The world's sexiest PC emulator can now use real PCI devices inside
the virtual machine (while also logging data sent back and forth
across the virtual PCI bus).
- USB Support for QEMU
- Still a work in progress, but I'm working on an OHCI USB host
controller.
- Skunk DB
- The fastest database in the world? It could get even faster.
- nads-0.3.tar.gz
- N.A.D.S. (Normalized Attack Detection System) is an
HTTP normalization library and squid ACL helper.
- ScaraOS
- 32bit multiboot OS kernel with virtual memory for IA32 (PC/AT).
- GP32 stuff
- Defunct GP32 utilities...
- Firewall Monitor (Linux only)
- A firewall monitor for Linux kernels, can dump full packets
to tcpdump files or hex dump to screen.
- ircnukes
- An irc based nuclear war game
Reverse Engineering
- webschlong.c
- Queries websense servers
using WISP. You can also get
tcpdump captures of some
WISP traffic if you are interested.
- Broadcom BCM94306 802.11g Adapter
- Some data logs and information about the BCM94306 card, I aim to
write a full specification eventually.
- sweet-rev-eng
- This is a graphical decompiler and reverse engineering toolkit that I
am working on at the moment. I am developing some patent-not-pending
techniques for retrieving C source code from machine code (as close as
is possible) as well as other things.
Documents
- The Tao of Network Intrusion Detection
Slides for a speech I gave at Hewlett Packard Labs (Bristol) on 23
January 2004. It gives an overview of Firestorm's architecture and
the problems in NIDS implementation, concluding with how Firestorm
aims to solve those problems.
- [PDF]
- Tedesco G. and Aickelin U. (2003):
Adaptive Alert Throttling For Intrusion Detection Systems.
Submitted and under review.
- Writing Reliable Software
- How to avoid corrupting the user's data.
- Modern Standard Arabic in Linux
- Notes on using Arabic alongside English in GNOME2.
Code-Fu and Other Stuff..
- lists.tgz - Diebold mirror (12MB).
See why war
for a more detailed explanation.
- sieve.c - Generate prime numbers using
Eratosthenes sieve. Implemented using a bit-vector making it a little
less sensitive to cache timings and memory consumption.
- rbtree.c - A simple red-black tree
implementation
- lincap.c - A FAST sniffer for Linux
(mmap() packet socket), slightly stolen from Alexey ;)
- genpass.c - A program which
generates strong random passwords from the system entropy pool
- crack-o-matic.c - A program
which checks the strength of passwords read from stdin. Requires
cracklib (-lcrack)
- cache.c
- A tool which displays which pages of a file are in the kernel's page
cache.
- netfilter-promisc.diff
- Adds support for capturing packets in promiscuous mode in
netfilter (iptables).
- tproxy-gid.diff allows you to
specify a GID (via /proc/sys/net/ipv4/tproxy_gid) to allow access to
the Linux TPROXY functions. Applies on 2.4.21 + TPROXY.
- squid-ssl-hw-acceleration.diff
- hardware SSL acceleration for squid 2.5
- squid-2.5-tproxy-03.diff
- Linux transparent proxy support for squid 2.5
- squid-HEAD-tproxy-00.diff
- And for squid 3.0 CVS branch
- squid-HEAD-fnv1a.diff
- A faster string hashing function for squid 3.0 (benchmark it for yourself)
- act.c and bytesex.h
- Allow you to extract data from Symantec ACT! databases. I started turning
the code into a GUI called fuct.
Free Software I Have Contributed To
- The Netfilter project
- Various bugfixes, and extra modules such as NETLINK, and a
re-write of the string matcher.
- The Linux Kernel
- Contributed mainly through netfilter
- Squid - I wrote
hardware SSL acceleration and transparent proxy support for the
world's most popular web proxy. Rejoice!
Development Environment
All the tools I use in my hacking work
- VIM - I do most of my
stuff in vim, it's really efficient to code with.
- I compile all my code with GNU GCC,
a portable C compiler, and use GNU binutils for a linker etc.
- I recommend Anjuta,
a free IDE for the GNOME desktop (similar to KDevelop).
- I sometimes program in python,
a cross-platform interpreted object oriented language.
- The GNU binutils
are VERY useful!
- I love GNU diffutils for creating
patches
- I used to use CVS for version control.
- I now use subversion.
- Qemu is a CPU emulator
that pwns vmware - very useful for reverse engineering shitty hardware.
@(#) $Id: index.html 682 2004-09-10 03:02:36Z scara $
Copyright (c) Spanish Inquisition 1478-1834. All rights reversed.