The XZ Utils Vulnerability
CVE-2024-3094 highlights the strengths and weaknesses of Open Source.
Add MFA to sudo and gnome in Fedora using a Yubikey and authselect
RMS, Dan Kaminsky, FLoCS, Fedora
This post covers using AWS Config as a starting point to find public S3 buckets in your organization.
This article covers previous work and introduces a warning
This post covers increasing security for a static site hosted on S3 using CloudFront and Cloudflare.
Use AWS Config to locate AWS resources
This post covers how to secure an S3 bucket serving content through Cloudflare
This site now uses Cloudflare
AWS CloudWatch enables monitoring and alerting on cloud events.
AWS Security Hub eases the pain of cloud monitoring
Help protect APIGW from attackers with AWS WAF
AWS CloudTrail is the cornerstone of cloud SecOps
I share my experience and lessons learned from operating a public bug bounty.
Extract files from tcpdump or wireshark captures
Use this to recover TLS session keys for a java program.
Use mallory proxy to view non-https encrypted mobile traffic
Nearly a year ago, I wrote about an emerging trend I observed with some of the bounty researchers I was interacting with. This screed can be considered an extension of that article. There's an emerging trend I'm noticing - I've been receiving more messages like the following: Hey, I found Security Vulnerability in your web application, which can damage site as well as users too. For security purpose can we report vulnerability here, then will i get bounty bounty reward in PayPal or Bitcoin for Security bug?...
In a post from 2015, I wrote about some of the "Security 101" issues I considered to be fundamental. Since 2015, I've been exposed to several environments where I have seen the same basic security fails. In addition to my previous Security 101 items (2FA, avoiding password reuse, using a password manager, being mindful of what gets posted on social media, and inspecting email links) I would like to add the following new items to my "Security 101":...
I'm so far behind the times, it's sad. Burp Suite gained the ability to perform static analysis on JavaScript libraries back in 2014. Some sites and authors have already blogged about what their approach is for implementing this. I'd like to echo Lukas's method, but with an easier setup. Simply navigate to the local directory containing the app and serve it using Python's built-in HTTP server. python2 syntax: python -m SimpleHTTPServer <port> python3 syntax: python3 -m http....