I’ve just been hit by a very interesting problem in a project, on which I work. I needed to extend some code my colleague wrote. I did it, but when I added tests, I discovered that when I run the single test I added, it’s all fine. However, when I run it in a group […]
Metasploitable Walkthrough – Part 3 – Java RMI and Post Exploitation Digging.
Another one of the Metasploitable series. This time I’ll try to exploit vulnerable RMI server. However, as I’ve taken a look at the exploit code, I’ve decided that I’m a bit lazy and I want to play around with Metasploit and since I had a few tricks to overcome I feel it might be worth […]
How does Yubikey help to protect against phishing
Recently I wrote about the new security device I bought. Today I want to give a hands on example of how it improves my security. Ladies and gentlemen, today I’ll perform an attack on myself (since it’s the only legal attack I can perform) and explain in better details how to use Yubikey against phishing. […]
I finally got my Yubikey!
I know that as a person, who writes about security I should be aware of the threats that phishing carries and I should protect myself just to set an example. Unfortunately until now, I was “a shoemaker going barefoot” as a Polish saying goes. Although I try to remain open about how I protect myself, […]
Metasploitable Walkthrough Part 2. – VSFTPD
It’s been over a year since I’ve done something security-related and today I’m continuing the series about the Metasploitable project. The last part was reconnaissance, where I showed multiple vulnerabilities found on the machine. One of them was related to the VSFTPD. Today I’ll just script the attack. What is VSFTPD Vulnerable to? There’s a […]
IPC examples – signals and shared memory
There are numerous ways programs can talk to each other. Modern operating systems provide decent isolation for security reasons, but programs must talk to each other this way or another. Today, after 2 articles on AWS, I’ll return to more generic IT topics. I’m going to describe 2 IPC (which stands for Inter Process Communication) […]
AWS Lambda in Pycharm
I’m back to life and here’s some tasty article on something I’ve recently learnt. Unfortunately, this is again on 2 very specific commercial solutions instead of general purpose programming. And another one on AWS. Maybe I’ll come up with an article on signal handling in operating systems. Anyway, here are some tips and trick on […]
AWS Secrets Storing
I’ve always thought it is cool to have a pet project. Creating something single-handedly lets you get an insight into problems that you won’t come across when you’re just one out of many people engaged in the project. One of such things is setting up proper operations and deployment process. Sure, for something small even […]
The Vicious Circle of Code Quality
What’s wrong with our code quality? I’ve recently came across a talk given by “Uncle Bob” Martin on the object-oriented programming. What struck me most, however, was not how precisely and thoroughly he grasped the very core of OOP, but the introduction he gave. We, as programmers, tend to sacrifice the code quality in order […]
Java Manifest Crash Course
I’m recently learning about AWS features and one of them are “Lambdas”. Those are functions that can be deployed and triggered on various events (like HTTP request, or file upload), but you don’t have to maintain the servers that run them. By default AWS provides several runtimes like NodeJS, Python and Java. Since I’m recently […]