Alok Menghrajani's Blog

Last post

Square CTF 2018

Nov 8, 2018

Square | CTF | Hacking competition

Open Sourcing Subzero: Square's Bitcoin Cold Storage Solution

Oct 22, 2018

Bitcoin | cold storage | hardware security module

Bootable CD + retro game in a tweet

Jun 18, 2018

bootloader | iso | el torito | tron | code golf

Bitcoin Transaction Malleability in 2018

Apr 14, 2018

bitcoin | security | crypto | blockchain | malleability

Advent of code 2017

Dec 1, 2017

adventofcode | 2017 | solution | rust | rust-lang

Square CTF 2017

Oct 4, 2017

Square | CTF | Hacking competition

3D printed chess set

Jan 15, 2017

3d printing | bezier curves | experimental user interface

Thoughts on web security & privacy

Jan 2, 2017

web security | privacy | random thoughts

Advent of code 2016

Dec 1, 2016

adventofcode | 2016 | solution | rust | rust-lang

Building multi-master distributed systems using feeds

Sep 19, 2016

distributed systems | data replication | multi-master | tla+

Year of Plenty

Sep 14, 2016

charitable | fund

My $3/month backup setup

Aug 4, 2016

backup | life tips

Exploring 3 insecure usage of RSA

Jul 27, 2016

crypto | rsa | chinese remainder theorem

The hardware CTF

Jun 21, 2016

hardware | ctf

Programming an at89s4051 with an Arduino

Mar 21, 2016

arduino | at89s4051 | bitbang

On the design of Hack

Mar 18, 2016

Hack | PHP | Facebook

AFOL (adult fan of Lego)

Mar 5, 2016

lego | super cars

Voting experience for a Swiss expat

Jan 30, 2016

voting | Switzerland

Crypto white elephant gift exchange puzzle

Dec 12, 2015

crypto | algorithm

Advent of code 2015

Dec 1, 2015

adventofcode | 2015 | solution | rust | rust-lang

Three cylinders: random geometry geekery

Nov 30, 2015

math | 3d objects

Interested in working at Square?

Oct 27, 2015

A simple yet robust approach to sanitizing user supplied HTML and CSS

Oct 11, 2015

html | css | parser | xss

µ mod player from scratch

Sep 25, 2015

demo scene | mod file format | music | javascript

A few (easy | fun) math puzzles

Sep 18, 2015

math | puzzle

Hub-ctrl

Sep 4, 2015

usb | hub | Yubikey | control

Reporting "authenticity_token is not random across page loads" to a bunch of companies

Aug 13, 2015

bug bounty | csrf

A chess engine to improve my Golang-fu

Aug 2, 2015

golang | chess | ai

My experience serving in the Swiss army

Jul 20, 2015

switzerland | army

git rebase + conflicts with deleted files

Jul 17, 2015

git

Bootloader + retro game in a tweet

Jul 1, 2015

bootloader | operating systems | nibbles | code golf

A simple, auditable and anonymous voting scheme

Jun 1, 2015

voting | algorithm

Hackerone for open source projects

May 21, 2015

hackerone | bug bounty | open source

Open sourcing Keywhiz: Protecting infrastructure secrets

Apr 20, 2015

keywhiz | open source

PGP 'quine': a key where the user == the key's fingerprint

Jan 19, 2015

quine | pgp | gpg | crypto

WebRTC leaks internal IP addresses

Jan 6, 2015

websec

Detecting incognito mode in Chrome

Jan 6, 2015

websec

Message Board over PGP Key Servers

Jan 6, 2015

A less error prone HMAC-based hash construction
or how to avoid shooting yourself in the foot with HMAC

Sep 25, 2014

crypto | security | engineering

Forth Haiku
mixing math, art and Forth

Sep 14, 2014

math | computer graphics | Forth | esoteric programming language

I am working at Square

Aug 10, 2014

ajsone
Abusing JSON Esolang

Jul 21, 2014

esolang | compiler

Dodecahedron Folding

Jul 11, 2014

math | computer graphics | webgl

Rough thoughts on Login Systems

Jul 5, 2014

web login | security | engineering

(minor) WTF Openssl

Mar 28, 2014

crypto | openssl | wtf

Prolog program to solve "inverting three signals" puzzle

Jan 20, 2014

prolog | puzzle

2048-undo: a modification to 2048 which lets you undo as many moves as you wish

Mar 18, 2014

CSRF & state mutation on read requests

Dec 9, 2013

csrf | security | engineering

Universal logic gates

Nov 20, 2013

Various wood (and non-wood) projects using lathes, laser cutters & 3d printers

Nov 7, 2013

wood | 3d printing | laser cutter | lathe | stuff I make

JSONP & handcrafted Flash files

Oct 22, 2013

jsonp | xss | flash

qrquine: a QR code based quine

Sep 27, 2013

qrcode | quine | javascript | size optimization | code golf

Piet: a language where programs are works of modern art

Jul 24, 2013

esolang | compiler

WTF Python

Jul 23, 2013

python | wtf

Ten Technology Ideas

Jul 21, 2013

technology | random thoughts

Obfuscated coding contest

Jul 14, 2013

C | coding | contest

Do you know your bitwise operators?

Jul 1, 2013

puzzle | bitwise | operators

Arduino: showing information from a GPS on a LCD

Jun 16, 2013

arduino | gps

Combining React and Firebase: sample TicTacToe game & chat widget

Sep 13, 2013

Secure browsing by default (https @ Facebook, part 2)

Jul 31, 2013

Some dark corners of C (Rob Kendrick)

Jul 5, 2013

GIF encoder from scratch

Jun 19, 2013

Sum of first n natural numbers

Jun 4, 2013

A perpetual calendar in JavaScript

May 7, 2013

a linter and visualizer for regular expressions

Apr 29, 2013

Mapping an IP address to an ASN

Apr 18, 2013

Random list of extinct web or software technology

Apr 15, 2013

Javscript model of Ackermann steering

Mar 31, 2013

Regular expression to match multiples of 3

Mar 27, 2013

WTF jQuery

Mar 5, 2013

FAT12 file system "driver" in javascript

Feb 20, 2013

WTF Adobe! Adobe Flash: a quirk in TextFields

Feb 7, 2013

Types in web applications

Jan 30, 2010

type system | web application security | random thoughts

Patent granted

Jun 11, 2007

ibm | provisioning | patent

Ray casting

Dec 29, 2006

ray casting | computer graphics | ruby

étude sur l'utilisation des moyens informatiques à l'UNIL (in french)

Jun 14, 2004

UNIL | moyens informatiques | Université de Lausanne

Maze mapper

Feb 24, 2004

robotics | RokEPXA | Cyclope | maze

Transparent PLD use from Java

Feb 1, 2004

PLD | Java | hardware synthesis

Teaching assistant experience

Jan 5, 2004

random thoughts

License Plate Recognition

Apr 1, 2003

machine learning | artificial intelligence | car license plate | localization | recognition

Operating System Design & Implementation

Feb 17, 2003

operating system | simics | oskit

Compiler design & implementation

Dec 1, 2002

compiler

Malloc

Nov 19, 2002

malloc | dynamic memory allocator

Mobile payments

Nov 1, 2002

mobile | payments

Writing Your Own Unix Shell

Oct 31, 2002

unix | shell | signal | process

Mips microprocessor

May 1, 2002

mips | cpu architecture | cpu design

Scrabble

Jun 1, 2001

ada | scrabble | coding competition

Hugi: taquin

Dec 31, 2000

hugi | coding competition | size optimization | taquin | fifteen puzzle

fun with HP-15C

Jun 7, 2012

Getting your first commit in an open source project

May 10, 2012

219 bytes tron: javascript size optimization fun

Mar 20, 2012

Facebook Rubik Cube in javascript

Oct 15, 2011

Taint support for PHP

Aug 25, 2011

PHP turtles: a list of things you might not know about PHP

Jul 25, 2011

A simple ray tracer in PHP

Apr 8, 2011

A Continued Commitment to Security (https @ Facebook, part 1)

Jan 26, 2011

LinearML: write safe, fast, parallel program without any garbage collector

Jan 4, 2011

(legally) Hacking my manager's Facebook account

Jun 2010

Tab nabbing attack

May 2010

Pastebin: easy way to share text

May 18, 2008

Synergy: a software keyboard & mouse switch

Feb 13, 2008

Slax 6.0 released

Feb 12, 2008

TigerTeam TV Show

Feb 11, 2008

Managing passwords with Keepass

Feb 11, 2008

Covert communications: subverting Windows applications (pdf)

Sep 10, 2007

Mars Rover: a computer graphics project in OpenGL

Jun 2004

A VGA controller in VHDL

Jun 2004

Adaptive Machines

May 2004

Building Virtual Worlds

2002

Binary Adder (transistor-less)

1999

2018

2017

2016

2015

2014

A less error prone HMAC-based hash construction or how to avoid shooting yourself in the foot with HMAC

Forth Haiku mixing math, art and Forth

ajsone Abusing JSON Esolang

2013

2012 and older

A less error prone HMAC-based hash construction
or how to avoid shooting yourself in the foot with HMAC

Forth Haiku
mixing math, art and Forth

ajsone
Abusing JSON Esolang