I have recently come across a concept that filled a huge hole in my software development skills. Let’s imagine that you follow TDD principles, write well testable code, but as soon as you merge your changes to the master branch you are left wondering: “have I tested all the cases?” Tests might be green now, […]
What is the Liskov Substitution Principle?
Grasping the true idea behind the “Liskov Substitution Principle” seems a bit hard. The explanation that some interfaces and classes should be interchangeable never was enough for me to answer the questions “why should I care” and, consequently, “how should I implement it”. Here’s a writeup I gave for my colleagues, which they found useful, […]
IPC – Unix Sockets explained
When I wrote about Inter Process Communication, shared memory and signals, I promised I’d suggest an easier way of sending messages between processes in a way that one of them gets notified. Shared memory and signals are great, but they weren’t the right choice for my example. Today I’ll explain so-called Unix sockets and as […]
How to deploy a project in Django on AWS?
I’ve recently done a pet project on Django and AWS to better get to know those 2 platforms. Unfortunately I’m unable to deliver enough tutorials to justify maintaining the entire environment, but I’m eager to share my experience, what went well, what went wrong. If you like this post, subscribe to the newsletter to keep […]
Stream Data with python and AWS Kinesis
I know that I promised more general knowledge, but since I’m working on my AWS Certified Developer exam, I try to write examples of the code that utilizes the services I learn about. There’s a big description of one of my projects coming before I turn it off (check it out on GitHub). For […]
On Python, Mutability, Copy and Deepcopy
I’ve just been hit by a very interesting problem in a project I work on. I needed to extend some code my colleague wrote. I did it, but when I added tests, I discovered that when I run the single test I added, it’s all fine. However, when I run it in a group […]
Metasploitable Walkthrough – Part 3 – Java RMI and Post Exploitation Digging.
Another one of the Metasploitable series. This time I’ll try to exploit a vulnerable RMI server. However, as I’ve taken a look at the exploit code, I’ve decided that I’m a bit lazy and I want to play around with Metasploit and since I had a few tricks to overcome I feel it might be worth […]
How does Yubikey help to protect against phishing
Recently I wrote about the new security device I bought. Today I want to give a hands-on example of how it improves my security. Ladies and gentlemen, today I’ll perform an attack on myself (since it’s the only legal attack I can perform) and explain in more detail how to use Yubikey against phishing. […]
I finally got my Yubikey!
I know that as a person who writes about security, I should be aware of the threats that phishing carries and I should protect myself just to set an example. Unfortunately, until now, I was “a shoemaker going barefoot” as a Polish saying goes. Although I try to remain open about how I protect myself, […]
Metasploitable Walkthrough Part 2. – VSFTPD
It’s been over a year since I’ve done something security-related and today I’m continuing the series about the Metasploitable project. The last part was reconnaissance, where I showed multiple vulnerabilities found on the machine. One of them was related to the VSFTPD. Today I’ll just script the attack. What is VSFTPD Vulnerable to? There’s a […]