## Integrating The Delta Function (Again and Again) – Penrose Version

I quoted Nobel prize winner Paul Dirac’s book, now I will quote this year’s physics Nobel prize winner Roger Penrose. In his book The Road to Reality Penrose discusses not-so-well-behaved functions like the Delta Function: They belong in the category of  Hyperfunctions. A Hyperfunction is the difference of two complex functions: Each of the complex…

## The RSA Algorithm

You want this: Encrypt a message to somebody else – using information that is publicly available. Somebody else should then be able to decrypt the message, using only information they have; nobody else should be able to read this information. The public key cryptography algorithm RSA does achieve this. This article is my way of…

## Integrating the Delta Function (Again) – Dirac Version

The Delta Function is, roughly speaking, shaped like an infinitely tall and infinitely thin needle. It’s discovery – or invention – is commonly attributed to Paul Dirac[*]. Dirac needed a function like this to work with integrals that are common on quantum mechanics, a generalization of a matrix that has 1’s in the diagonal and…

## Delta Function Haiku

I have proved that a Lorentzian bell curve becomes the Dirac Delta Function in the limit. Now I want to look at another representation of the Delta Function. As this is a shorter proof, a haiku will do. ~ Infinite numbers of oscillations added. Need to damp them down Symmetrically attach an exponential for each…

## The Improper Function and the Poetry of Proofs

Later the Delta Function was named after their founder. Dirac himself called it an improper function. This time, the poem is not from repurposed snippets of his prose. These are just my own words to describe a proof: ~ In the limit the Lorentzian becomes the improper function. In the limit of tiny epsilons it…

## Poetry: Dynamical Variables and Observables

The lines of the following poem are phrases selected from consecutive pages of the second chapter of Paul Dirac’s Principles of Quantum Mechanics, Fourth Edition (Revised), Dynamical Variables and Observables. we may look upon the passage for the triple product We therefore make the general rule in spite of this fundamental difference which conforms with…

## Poetry: The Principle of Superposition

The lines of the following poem are phrases selected from consecutive pages of the first chapter of Paul Dirac’s Principles of Quantum Mechanics, Fourth Edition (Revised), The Principle of Superposition. ~ one would be inclined to think There must certainly be some internal motion from general philosophical grounds we cannot expect to find any causal…

## Edginess: What I Was Searching For

First Spam Poetry since a long time! Every line is an unedited snippet from about 100 spam comments on this blog. Process: View spam comments at random Either pick a phrase from the comment or discard it, then delete the comment. Jump to the next spam comment – spam comments can be processed in any…

## Impersonating a Windows Enterprise Admin with a Certificate: Kerberos PKINIT from Linux

This is about a serious misconfiguration of a Windows Public Key Infrastructure integrated with Active Directory: If you can edit certificate templates, you can impersonate the Active Directory Forests’s Enterprise Administrator by logging on with a client certificate. You have a persistent credential that will also survive the reset of this admin’s password. In the…

## Locating Domain Controllers and Spoofing Active Directory DNS Servers

Last year, hackthebox let me test something I have always found fascinating – and scary: You can impersonate any user in a Windows Active Directory Forest if you have control over the certificate templates of an AD-integrated Windows Public Key Infrastructure: Add extended key usages for smartcard logon to the template, enroll for the certificate,…

## The Solar Self-Building Movement

Every year the International Energy Agency publishes a detailed report on worldwide usage of solar thermal energy. The last one from 2019 is based on data from 2017. Countries are ranked by their installed capacity: Collectors’ thermal heating power under standard operating conditions is linked to their area: 0.7 kWth (kilo Watt thermal) per square…

## Tower in the Middle

To honor Foucault’s Pendulum (the novel), I am creating poetry from it – and in its spirit. Rules: Open the physical book at a random page and point to a random place. Pick a phrase touched by your finger tip. This becomes a line of your poem. Repeat until it feels like the poem has…

## Pendulum

I was reading a scholarly thesis about Austria’s history of energy engineering and politics. Our only nuclear power plant was built and ready to go at the end of the 1970s. Only after it was completed a referendum was held, and 50.5% of voters decided against ever putting it into operation. The plant turned into…

## Connectedness and Independence

My websites ebb and flow. After 23 years of writing online, I am recognizing recurring patterns. I am keeping ancient hyperlinks intact. All articles I had published here before 2020 are still available elsewhere, also under the former main domain used at WordPress – elkement.blog. My frustration about other referenced websites’ ever changing and abandoned…

## When Will It End?

This is internet poetry – “found poetry”. Rules: Google for your chosen title: “When will it end?” Click a random search result, pick one phrase from the text. This is the next line of the poem. Click a random hyperlink on this page, pick a phrase from this text –> next line. It’s not allowed…

## Remote Work

Many long-term remote workers share their experiences – here are some random thoughts of mine. For many years, an onsite appointment has been the exception for me. This does not apply to any kind of work – but I have always believed that in some industry sectors much more remote work would be possible than…

## Stuff

This is not an attempt to have an opinion or try to find a new aspect in this crisis. I am just writing about my own experiences, and anybody else’s might be different. I have always been a minimalist, long before it was fashionable and a movement. I have been disposing and donating stuff relentlessly….

## Telephone Sanitizers and Stories

Douglas Adams has been credited with anticipating the iPad and the internet. When I read Translate this tweet! I feel the Babel Fish in my ear. But I thought he was wrong about the Telephone Sanitizers: The Golgafrinchans tried to get rid of the useless third of their population: Hairdressers, account executives, management consultants, insurance…

## Re-Start

This blog has been offline for a while. I had moved the content (and custom domain) formerly hosted here elsewhere. There will be times I’ll be motivated enough to describe this migration. For now, I want to re-start the blog at its wordpress dot com domain. My only goal is to keep my sanity. I…

## Helpline @ hackthebox: Injecting an EFS Recovery Agent to Read Encrypted Files

Another great machine has been retired on hackthebox.eu – Helpline by @egre55! Here is my ‘silly’ unintended way to root the box: You can get both the encrypted user and root flag via the cumbersome web RCE alone – if you wait for a legit user to just look at the file. This is unlikely…

## Sizzle @ hackthebox – Unintended: Getting a Logon Smartcard for the Domain Admin!

My writeup – how to pwn my favorite box on hackthebox.eu, using a (supposedly) unintended path. Sizzle – created by @mrb3n813 and @lkys37en – was the first box on HTB that had my favorite Windows Server Role – the Windows Public Key Infrastructure / Certification Authority. This CA allows a low-privileged user – amanda –…

## Simple Ping Sweep, Port Scan, and Getting Output from Blind Remote Command Execution

Just dumping some quick and dirty one-liners! These are commands I had used to explore locked-down Windows and Linux machines, using bash or powershell when no other binaries were available or could be transferred to the boxes easily. Trying to ping all hosts in a subnet Linux for i in \$(seq 1 254); do host=192.168.0.\$i;…

## Echo Unreadable Hex Characters in Windows: forfiles

How to transfer small files to a locked-down Windows machine? When there is no option to copy, ftp, or http GET a file. When powershell is blocked so that you can only use Windows cmd commands? My first choice would be to use certutil: certutil is a built-in tool for certificate and PKI management. It…

## Ethereal @ hackthebox: Certificate-Related Rabbit Holes

This post is related to the ‘insanely’ difficult hackthebox machine Ethereal (created by egre55 and MinatoTW) that was recently retired. Beware – It is not at all a full comprehensive write-up! I zoom in on openssl, X.509 certificates, signing stuff, and related unnecessary rabbit holes that were particularly interesting to me – as somebody who…

## Certificates and PKI. The Prequel.

Some public key infrastructures run quietly in the background since years. They are half forgotten until the life of a signed file has come to an end – but then everything is on fire. In contrast to other seemingly important deadlines (Management needs this until XY or the world will come to an end!) this…

## Modbus Server on Raspberry Pi as Babelfish for UVR16x2

Our main data logger is the Control and Monitoring Interface of the freely programmable controller UVR16x2. There are two pieces of hardware you need for logging – the actual control unit and the logger connected to the controller via the CAN bus. This ‘architecture’ might be due to historical reasons, but I like the separation…

## Unintended 2nd Order SQL Injection

Why I am not afraid of the AI / Big Data / Cloud powered robot apocalypse. SQL order injection means to run custom SQL queries through web interfaces because the input to the intended query is not sanitized, like appending the infamous ‘ OR ‘1’=’1 to a user name or search term. It is 2nd…

## A Color Box. Lost in Translation

It was that time again. The Chief Engineer had rebuilt the technical room from scratch. Each piece of heavy equipment had a new place, each pipe and wire was reborn in a new incarnation (German stories here.) The control system was turned upset down as well, and thus the Data Kraken was looking at its…

## Cyber Something

You know you have become a dinosaur when you keep using outdated terminology. Everybody else uses the new buzz word, but you just find it odd. But someday it will creep also into your active vocabulary. Then I will use the tag cyber something, like stating that I work with cyber-physical systems. But am I…

## Heat Conduction Cheat Sheet

I am dumping some equations here I need now and then! The sections about 3-dimensional temperature waves summarize what is described at length in the second part of this post. Temperature waves are interesting for simulating yearly and daily oscillations in the temperature below the surface of the earth or near wall/floor of our ice/water…