The Internet of Stuff and Things

SHA-1 Collision  I'm playing with the PDFs created by the SHAttered.io researchers, you can download their paper explaining how they were able to generate a collision which also includes a Base64 encoded tar.bz2 archive of the 2 PDFs files from their site or from here . Artem Tashkinov, explains here and provides a link to a Pyhton3 script that creates collisions by Robert Xiao. First, here is how the 2 PDFs look like so you can see they are very different Original/Good PDF Collision / BAD PDF Both files have the same SHA1 hash: igor@KYLO-REN:~$ sha1sum good.pdf bad.pdf d00bbe65d80f6d53d5c15da7c6b4f0a655c5a86a good.pdf d00bbe65d80f6d53d5c15da7c6b4f0a655c5a86a bad.pdf Here's a diff of their Base64: igor@KYLO-REN:~$ diff --side-by-side good.pdf.b64 bad.pdf.b64 JVBERi0xLjMKJeLjz9MKCgoxIDAgb2JqCjw8L1dpZHRoIDIgMCBSL0hlaWdod   JVBERi0xLjMKJeLjz9MKCgoxIDAgb2JqCjw8L1dpZHRoIDIgMCBSL0hlaWdod IDQgMCBSL1N1YnR5cGUgNSAwIFIvRmlsdGVyIDYgMCBSL0Nv...

Python HTTPS Client using a Client certificate My client has requested a way to send data from Splunk to another application, using HTTPS POST, but there's also a requirement to authenticate the HTTPS Client using a certificate. In Splunk you can create a Custom Alert action  app, this is perfect for this solution because packaging everything in an app and deploying it to the Search Head clusters takes care of the High Availability and management of the application, all these features are already built-in in Splunk. I've decided to use Python because Splunk includes an interpreter already and it provides a lot of useful environment variables that can be passed as arguments to my functions to extract the data and formatted the way the Web Service understands it. For this post I'm not sharing the Splunk alert app because it's very particular for my client, I'm only going to talk about building a quick test environment an a python script to send an HTTPS POST ...