
Hack. Dev. Transcend. // Polyglot Developer | Ethical Hacker | Biohacker | Youth Tech Advocate | Certified Bulletproof Coach

(Originally published at devalias.net on September 15, 2018.)


With these explorations I have been looking to see how I can go from ‘cool project idea’ to having a PoC serverless application running InTheCloud(tm) with as little time, effort, boilerplate, and ongoing cost required; with the hope that if it is quick/easy enough, and…


Wow, what a trip! I just had the opportunity to not only live out a childhood dream of attending DEF CON, but I even had the privilege to be able to present at the DEF CON Recon Village! Talk about achievement unlocked!



TSS will be representing in the Las Vegas area for #HackerSummerCamp this year, with a few of our team members speaking at the various InfoSec conventions throughout the week. Drop by our talks or find us somewhere among the sea of InfoSec people and say hi!

The Art of Business Warfare

Red Teams are designed to penetrate security in a real-world test of the effectiveness of security controls, policy, technology and infrastructure. Red Teams view security from an adversary's perspective in order to simulate realistic attack scenarios that enable an organisation as a whole to prepare for and protect against both simple and sophisticated threats. Red…


I tend to dive down rabbit holes a lot, and given the cost of context switching and memory deteriorating over time, sometimes the state I build up in my mind gets lost between the chances I get to dive in. These ‘linkdump’ posts are an attempt to collate at least some of that state in a way that I can hopefully restore to my brain at a later point.



Imagine a world driven by the strive for progress, improvement and innovation, rather than fuelled by corporate greed. Ideas and breakthroughs are shared freely and openly. Where instead of multiple separate entities having to expend the same effort to unlock the same benefits time and time again, locking them away inside their own corporate silos to ration out to the masses at overly inflated costs; we co-create that benefit, shared freely, and greatly accelerate the pace of innovation for everyone.


(Red/Near Infrared, Cold/Low Level Laser, Blue/UV, etc)

I tend to dive down rabbit holes a lot, and given the cost of context switching and memory deteriorating over time, sometimes the state I build up in my mind gets lost between the chances I get to dive in. These ‘linkdump’ posts are an attempt to collate at least some of that state in a way that I can hopefully restore to my brain at a later point.


Earlier this year I spent some time delving into Atlassian Confluence to see if I could dig up any bugs that had slipped through the cracks. I wasn’t really expecting to turn up much, but I was super excited and surprised when I managed to find an issue within the RSS feed plugin leading to Cross-Site Scripting (XSS) (Twitter: 1, 2; LinkedIn: 1, 2; BugCrowd: 1, 2).

The CVE

CVE-2017-16856: The RSS…


Recently I had the opportunity to present at a few local security meetups, and one international security conference.

TL;DR

SecTalks Canberra (November 14th, 2017; Canberra, Australia)

  • “Hack FaaSter: Leveraging Docker and OpenFaaS for fun and offensive (security) profit.”
  • Slides, workshop…

I was playing around with the top challenge on the CTF at SecTalks the other night, and thought I’d do a quick writeup of some of the techniques required; for future reference, and to help others to learn.

Hack the gibso.. Website

To start off, we were given a URL to a website that looked like a pretty standard sort of blog. Features included things like account registration/login, avatar upload, messaging between users, search, posts (not by a standard account), comments on posts (standard account), showing online users, etc. And the administrator was online.. interesting.

Glenn 'devalias' Grant
