Malware, Cats and Cryptography
Ir al canal en Telegram
cocomelonc's notes about maldev cryptography and math
Mostrar másEl país no está especificadoTecnologías y Aplicaciones28 922
2 254
Suscriptores
Sin datos24 horas
+77 días
+21230 días
Archivo de publicaciones
https://github.com/cocomelonc/tiny-shamir
#hacking #cryptography #research #secret #cybersec #cybersecurity
https://cocomelonc.github.io/malware/2026/07/02/malware-cryptography-45.html next one from my blog. enjoy!
#hacking #cryptography #secret #shamir #programming #redteam #blueteam #math #research #book #clang #python #lagrange #finite #arithmetic
Theory
Suppose we have one secret byte:
secret = 123
Now we want to split it into 5 shares, but we want the secret to be recoverable only from any 3 shares.
This is a k = 3, n = 5 scheme. k = 3 means we need a polynomial of degree k - 1, so degree 2:
f(x) = secret + a1*x + a2*x^2
for example:
f(x) = 123 + 45*x + 201*x^2
But the important detail is this: all operations are not normal school arithmetic. They happen inside GF(2^8), a finite field where each value is one byte, from 0 to 255.
Now we evaluate the polynomial at different points:
share 1 = (x=1, f(1))
share 2 = (x=2, f(2))
share 3 = (x=3, f(3))
share 4 = (x=4, f(4))
share 5 = (x=5, f(5))
each share alone reveals nothing useful. Why? Because a1 and a2 are random coefficients. For the same secret, we can generate a huge number of different share sets.
If an attacker has only one share:
(x=2, y=...)
they only have one point. Many degree-2 polynomials can pass through one point, and each of them may have a different value at x = 0.
If the attacker has two shares, it is still not enough:
(x=2, y=...)
(x=5, y=...)
Many degree-2 polynomials can also pass through two points.
But when we have any three shares:
(x=1, y1)
(x=3, y3)
(x=5, y5)
then the degree-2 polynomial is uniquely defined. After that, we can recover f(0), and f(0) is the original secret:
secret = f(0)
In code, this is done with Lagrange interpolation. The simplified idea looks like this:
secret = y1 * L1(0) + y3 * L3(0) + y5 * L5(0)
where L1, L3, and L5 are special coefficients calculated from the x values of the shares.
Why `GF(2^8)` is needed?
If we do this with normal integers and just take % 256, we do not get a proper field. The problem is that not every number has a multiplicative inverse. Lagrange interpolation needs division:
a / b = a * inverse(b)
If b has no inverse, recovery breaks. In GF(2^8), every non-zero byte has an inverse. That means we can correctly add, multiply, and divide byte values. Addition is simple:
a + b = a XOR b
Multiplication is done using polynomial arithmetic with reduction by an irreducible polynomial, for example:
0x11b
This is the same general finite-field idea used in AES.
#math #research #cryptography #shamir #hacking #c #programmingNow working a deep dive into Shamir Secret Sharing (1979) in pure C.
just a simple implementation for students (not for production!) over GF(2^8): byte-level finite field arithmetic, polynomial evaluation, Lagrange interpolation, recovery from threshold shares, and some visual experiments with entropy and field nonlinearity.
The fun part: we will not only split and recover a secret file, but also look at why normal % 256 arithmetic is wrong here, why GF(2^8) matters, and why individual shares should look like random noise.
I didn't think I'd be using Lagrange interpolation in my research almost 15 years after graduating from university. 🤔😂😂😂
#hacking #malware #math #cryptography #research #book #cybersecurity #cybersec #justforfun
https://cocomelonc.github.io/linux/2026/06/30/ddos-syn-flood-detection-1.html next one #defensive #series from my blog!
This is not perfect TCP state #tracking. not for production. enjoy!
#hacking #ddos #detection #blueteam #research #book #purpleteam #blueteam #threatintel #cybersec #cybersecurity
Full dataset from Canadian Institute for Cybersecurity
Also available in Kaggle
#hacking #ddos #blueteam #research #threatintel
https://cocomelonc.github.io/malware/2026/06/29/malware-analysis-10.html next one from my blog! enjoy!
#hacking #malware #malwareanalysis #cybersecurity #cybersec #research #purpleteam #blueteam #redteam #maldev
I also received a new invitation to DEFCON Las Vegas to the Adversary Village. I hope I can give an interesting #workshop and share my #experience and #knowledge. All that remains is to get a US visa.
#hacking #redteam #purpleteam #exploit #cybersec #cybersecurity #malware #development #apt #simulation
https://cocomelonc.github.io/malware/2026/06/28/malware-tricks-59.html next one from my blog, Windows #malware #development series again. enjoy!
#hacking #malware #cybersecurity #cybersec #threatintel #redteam #blueteam #purpleteam #malwaredev #maldev #malwareanalysis #shellcode #research #programming #cpp #clang #windows
https://cocomelonc.github.io/linux/2026/06/26/ddos-wavelet-detection-2.html next one from my blog. #ddos #detection #mechanisms #series part 2. enjoy!
#hacking #blueteam #research #math #programming #purpleteam #threatintel #cybersecurity #cybersec #linux
https://cocomelonc.github.io/linux/2026/06/25/ddos-wavelet-detection-1.html next one from my blog: new blue team series. enjoy!
#defensive #research series about #DDoS #detection #mechanisms
#hacking #blueteam #programming #math #wavelets #cybersecurity #cybersec #threatintel
I've started a new series of interesting researches that aren't entirely related to #malware #development, but I think will be useful to #mathematicians and blue team engineers.
there will be a post soon
#research #hacking #blueteam #math
btw, the most popular question: how do you get AI to write malware?
Answer: I simply add "Google me first and don't ask stupid questions!" to the prompt. 😂😂😂
I'm shocked, but it works! 😈
I think it's brilliant.😈
#hacking #AI #research #malware #cybersecurity
https://cocomelonc.github.io/macos/2026/06/23/mac-malware-persistence-12.html next one from my blog! continue #macos #malware #persistence series. enjoy!
#hacking #redteam #blueteam #purpleteam #threatintel #cybersecurity #research #cybersec #ethicalhacking #apple #malwaredev #maldev #malwareanalysis
In my experience, if you decide to use AI for programming, when you use Codex and Claude Code, adding the phrase
"don't be stupid! do it right, don't do it wrong" 😈
to the prompt solves 20-30%, and sometimes 40%, of the problems with fucking poor code and stupid questions from AI.
also works for writing examples for offensive security research and malware development) 😂😂😂
#hacking #programming #malware #maldev #redteam #blueteam #purpleteam #research #AI
https://cocomelonc.github.io/malware/2026/06/21/malware-analysis-9.html next one from my blog. can a local #LLM running on a single MIG slice #deobfuscate a hand-crafted CFF #binary with no hints about the underlying #algorithm? enjoy!
#hacking #malware #reverse #malwaredev #maldev #malwareanalysis #redteam #blueteam #purpleteam #research #cybersecurity #nvidia #threatintel
🐾 pawtrace - Linux x86-64 syscall tracer written in C with a small assembly support layer
#hacking #linux #reverse #research #programming #malware #asm #cybersecurity
https://cocomelonc.github.io/linux/2026/06/17/linux-hacking-11.html next one from my blog. #linux #hacking series part 11. enjoy!
#malware #proramming #redteam #blueteam #apt #threatintel #cybersecurity #cybersec #purpleteam #maldev #malwareanalysis #hijacking
Full corpus: tagged via GPU (v1.0), enjoy!
#hacking #malware #research #threatintel #blueteam
whiskers - a minimalist micro TI / SOC context panel powered by local AI + Malpedia API
some AI features:
🧠 brief - a tight SOC brief: what it is, primary risk, and two or three detection ideas. Cached after first generation.
🧠 explain rule - plain-English explanation of a YARA rule and its false-positive risk; turns opaque auto-generated rules into something readable.
💬 ask this family - ask a question answered only from that family's data; it refuses ("Not stated in Malpedia data") rather than guess.
TODO (with GPU):
semantic search + "similar families" (embeddings) - embedding each family description once (batch processing on the GPU). Then on the CPU: searching for concepts.
embeddings and a pre-computed list of "similar families"
AI summary for the entire corpus - running something like gwen3:27B once in GPU for all 3763 families to pre-record each SOC synopsis in a synopsis table.
#hacking #blueteam #purpleteam #malware #research #apt #threatintel
