Break&Build Security

Reducing DDoS Attack Asymmetry with Self-Checking API Keys
Preventing Distributed Denial of Service (DDoS) attacks requires multiple layers of protection. These attacks come in various types and…
Jun 13

OWASP Global AppSec Dublin 2023
I gave my talk about [T]OTP brute forcing in OWASP Global AppSec Dublin in February 2023, I had given a similar talk in DEFCON 2022, and…
Feb 28, 2023

DEFCON30: AES GCM common pitfalls and how to work around them
I wanted to share one of the talks I gave at DEFCON30, 2022, “AES GCM common pitfalls and how to work around them”. It was presented live…
Aug 24, 2022

Patent: “Verifying incoming communications”
I’m happy to announce the patent I co-wrote as lead inventor along with Lucas Vidal, and Serge Kruppa is finally published.
Jul 30, 2022

Fixing vulnerabilities in WAF is OK, right?
A few weeks ago I had a discussion with a Principal Software Engineer on the best strategy to patch a vulnerability, they insisted on WAF…
May 3, 2022

Defeating OTP through probabilistic attacks and how to mitigate
in System Weakness
You likely receive OTPs (one-time-passwords) all the time, usually in the form of an SMS with a 4 to 8 digit code in it. Pretty common when…
Mar 21, 2022

Moving to Medium (for now)
After many years of blogging in Blogspot, I’m finally moving out of it. It didn’t feel like a modern platform anymore (for a long time…
Mar 21, 2022