Recap: REST Authentication and HTTP Signatures

A brief summary of the talk by David Blevins titled “Deconstructing REST Security by David Blevins”

Predicting masked ID with check-digit

Some identification numbers (IDs) come with check-digits, for example national IDs, membership IDs. In some cases, data protection regulation mandates masking parts of the ID during storage or when displayed. In most of these masked cases, the check-digit remains…

syIsTyping

Mar 9

Recap: JWT and Cookies for Web Authn

A brief summary of the talk titled “JSON Web Tokens Suck — Randall Degges (DevNet Create 2018)”

A brief summary of the talk by Randall Degges titled “JSON Web Tokens Suck”

syIsTyping

Feb 7

Bunch of Reverse Shells: Python

Reverse shells: python one-line from cli, base64, heredoc

Here are a bunch of reverse shell snippets inspired by PayloadAllTheThings. Change the host, run the shell on the target and use this to catch the shell…

syIsTyping

Feb 7

Bunch of Reverse Shells: NodeJS

Reverse shells: nodejs one-line from cli, base64, heredoc

Here are a bunch of reverse shell snippets inspired by PayloadAllTheThings. Change the host, run the shell on the target and use this to catch the shell…

syIsTyping

Dec 26, 2021

Py: Standalone generic run_parallel function

Sometimes while writing quick py scripts, we find a need to run a bunch of functions in parallel. For eg, sending a bunch of slow sqli calls to the target server, or scraping a bunch of websites.