api Security Services for Mere Mortals I'm pleased to say I've moved my domainsync service over to React, and at the same time moved the domain to badsec.io. Since these changes I've found it's much easier to compose complex services into simple components that simplifies code extension, modification and testing. The original back-end code is
rsa RSA Encryption Toolbox - Experimental Utilities For Deriving Private Keys From Public Keys TLDR: I've created a toolbox that will allow you to break RSA 128 & 256bit keys in less than five minutes with minimal hardware (2 vCPU's, 2048MB memory). Grab yourself a copy here. Over the last couple of weeks there's been quite a bit of chatter around breaking RSA encryption.
aws Visualising Attack Traffic using Cloudflare ELS, AWS Lambda, S3 and Golang Everyone loves a nice shiny visual to look at, right? In the technology space we have massive amounts of data at our disposal, but very rarely do off-the-shelf tools give us meaningful insights in real-time. In this post I'll show you how you can make use of Cloudflare's WAF events
golang, javascript, python, concurrency, threading, tooling How Fast Can You Go? A Concurrency Evaluation Between Python, JavaScript and Go Concurrency is a key paradigm for the development of scalable, performant and stable software engineered applications. Languages like JavaScript and Python have popularised asynchronous event-driven patterns in favour of multi threaded programming. Threading has shown to be insufficient with respect to performance, memory consumption and shared state as demonstrated by
oscp Preparation and Passing the OSCP Exam (Proctored) In December 2018 I had the pleasure of undertaking and passing the Offensive Security Certified Professional (OSCP) exam. And while there are no shortage of OSCP write-ups and postmortems, I thought I would give back to the community and share my experience with doing the proctored version of the exam
burp Burp's new Enterprise version and REST API Portswigger has recently developed an enterprise version of their well-regarded Burp web vulnerability assessment tool, and along with this a REST API for integrating with the scanning engine. This article explores some of the new features for both these releases and provides practical examples you can use for your next
brand protection Protect Your Online [Brand] At All Costs We've all heard the saying that our brand is our reputation; it is our business card; a prism through which others view us and the way we conduct business. In a perfect world it's a symbol of trust, transparency and security. If all of this holds true, it therefore follows
The Implications of LinkedIn Automagically Knowing My Work Email Address Hands up, how many of you were aware that LinkedIn had the capacity to automatically add a secondary or work email to your personal account without your knowledge? I certainly wasn't! A quick Internet search reveals I wasn't alone in questioning this wizardry. My first reaction when this was brought
azure Cloud Platform as a Service (PaaS) Security - A Technical Overview The Platform as a Service (PaaS) for cloud based web applications is a fantastic platform for entry-level rapid application development prototyping, all the way through to enterprise-grade scalable application ecosystems. With that said, there are some caveats with regard to PaaS security that are often overlooked when evaluating PaaS as
![Protect Your Online [Brand] At All Costs](/content/images/size/w600/2018/07/brand-protection.png)
