• Getting sneaky with DNS for SSRF Understanding how fundamental technologies work goes a long way ...

    Generally when I make HTTP requests against a domain, I wouldn’t expect it to make requests on my localhost - but sometimes, just that happens. For getting sneaky with SSRF attacks you can have a DNS record point to 127.0.0.1. When a record pointing to 127.0.0.1 is resolved, your application will end up making requests to 127.0.0.1. For experimentation, I used one of Rapid7’s free datasets, & found the domain volks-seat.de pointing to 127.0.0.1. It never occurred to …

  • Design resources for developers Design thinking can enable developers to be better developers

    As a developer, it is beneficial to understand the basics of design and how people digest information. You may think to yourself that you will never have to create a visual interface, but the reality is even code has a visual aspect which has an impact on its consumption. A deeper understanding of visual perception can positively impact your code! #### Principles Design is a mature industry with centuries of application and study. There are many tried and …

  • Thinking about computer science? To computer, or not to computer, that is the question!

    My initial career plans were to get a degree in Mechanical Engineering. Plans didn’t go as planned, and I wasn’t quite mature enough to handle the level of rigor immediately outside of high school. My plans evolved into an art direction, since I always enjoyed art & I decided to ignore the $$$, or lack thereof, problem with art careers. From art, I realized I needed to make some money so I honed in on Graphic …

  • Naming Things! Labeling classes, methods, functions, variables, servers ....

    ** This is a work in progress that mostly contains lots of good links ** It’s one of the hardest things you do as a programmer and also one of the most important aspects of writing code. Code is read 10x more than it’s written, so when you are writing you need to be very thoughtful of the future readers, which are yourself & others. You want your code to be very clear to readers, even if …

  • Inspecting Windows with cli! ... Windows isn't all that bad

    I’m pretty green when it comes to knowledge of Windows commands & CLI tools. From the security perspective, a large percentage of businesses/corporations run Windows on their platform, so some basic tools to introduce ideas are helpful! ### WMI With the command line you can use wmic or PowerShell to utilize WMI (Windows Management Instrumentation), which can give you insight into all sorts of things about your system! - - - Get Windows Version ```shell > …

  • Getting going with Jekyll Jumping into THE static site generator

    I’ve been wanting to start blogging for quite some time and decided to finally make the jump. I’ve created countless WordPress sites for clients but wanted to go a different route for my own blog. I wanted to use a system that was simple and light and something I didn’t need a db for. I wanted something that would let me write markdown files and generate the site from there. Nowadays there are so many static …
