Stephen Shkardoon
PHP Autoloading: Local File Inclusion by Design
In the year 2009, PHP 5.3 was released, bringing with it major new features like namespaces and lambda functions. At the time, there was…
Dec 9, 2019

Stephen Shkardoon
The poor design decisions of Entrust IdentityGuard soft tokens
Almost every deviation away from a standard TOTP implementation has made the security of the Entrust IdentityGuard solution worse
Oct 24, 2019

Stephen Shkardoon
Cracking the Waikato bus card system
I recently published an application for reading the balance from a Busit card, the electronic ticketing system used in Waikato/Hamilton…
Aug 2, 2018

Stephen Shkardoon
Leveraging Cloudflare’s Authenticated Origin Pulls For Pentesting
During our regular penetration testing, we occasionally encounter a client who’s both using Cloudflare and seems to have configured it…
Jan 23, 2018

Stephen Shkardoon
Thoughts on the OSCP in 2017
I recently had a chance to gain my OSCP certification through my day to day penetration testing job and wanted to share some thoughts on…
Oct 19, 2017