Reducing DDoS Attack Asymmetry with Self-Checking API Keys
Preventing Distributed Denial of Service (DDoS) attacks requires multiple layers of protection. These attacks come in various types and…
Jun 13

OWASP Global AppSec Dublin 2023
I gave my talk about [T]OTP brute forcing at OWASP Global AppSec Dublin in February 2023; I had given a similar talk at DEFCON 2022, and…
Feb 28, 2023

DEFCON30: AES GCM common pitfalls and how to work around them
I wanted to share one of the talks I gave at DEFCON30, 2022, “AES GCM common pitfalls and how to work around them”. It was presented live…
Aug 24, 2022

Patent: “Verifying incoming communications”
I’m happy to announce that the patent I co-wrote as lead inventor along with Lucas Vidal and Serge Kruppa is finally published.
Jul 30, 2022

Fixing vulnerabilities in WAF is OK, right?
A few weeks ago I had a discussion with a Principal Software Engineer on the best strategy to patch a vulnerability; they insisted on WAF…
May 3, 2022

Published in System Weakness
Defeating OTP through probabilistic attacks and how to mitigate
You likely receive OTPs (one-time passwords) all the time, usually in the form of an SMS with a 4 to 8 digit code in it. Pretty common when…
Mar 21, 2022

Moving to Medium (for now)
After many years of blogging on Blogspot, I’m finally moving out of it. It didn’t feel like a modern platform anymore (for a long time…
Mar 21, 2022