Recently, I had to use the LinkedIn API to crawl companies in their ecosystem. The official API (v3) requires OAuth for authentication and forces you to request access from them before you can use the full version (public and private APIs). Luckily, I found that LinkedIn offers the Voyager API for searching and listing…

Read this article at my company’s blog

As I described in chapter one, we can control the content of a sub-domain d by controlling the content of the domain d1 that d points to through its CNAME record.

Azure, a popular cloud service, offers many services that can create such…

Read this article at my company’s blog

Subdomain takeover is a high-severity vulnerability that can be exploited to take control of a domain and point it to an address managed by attackers. Attacks exploiting this vulnerability are often used to create phishing sites and spread malware. …

If you want to get the top visited websites, Alexa is a reliable source. But, sadly, they only offer the first 50 websites for free, and if you want to get more, you have to pay a fee.

One of the ways to obtain that list is to use the AWS service, priced at $0.0025 per URL. Everything seems easy when you are willing to pay; however, their sample code is only available in Ruby, PHP, and Java, which I do not like. I have rewritten it as a small script in Python to do this; you can check it below.

Anyway, the process of creating AWS authorization headers is extremely complex.

My source code


If you are a mobile application developer, you may be interested in the exposure of sensitive information from your application, because decompiling a mobile app, such as an Android app, is not too difficult.

A friend of mine recently developed an Android application using the Unity framework; it can hide code by downloading…

About Dirty Cow

Recently I have seen a lot of information about this vulnerability, which is rated Serious, allows privilege escalation, and affects many Linux distros… I also don't understand why a vulnerability, once disclosed, gets its own logo, website, Twitter, Facebook Page…

What is HTTPS?

We’ve heard a lot about HTTPS, and we use it every day. If you access a website from your browser and you see a little green padlock and the letters “https” in your address bar then congratulations, you are accessing this safely via HTTPS.

Green padlock and the letters “https” in address bar

HTTPS is a combination of HTTP…

