Pinned | How to DevSecOps — Part 3: The 3 Pillars of Sec in DevSecOps | Exploring the 3 main tools to use when faced with a challenge putting Sec into DevSecOps | Nov 1, 2021
Published in InfoSec Write-ups | Hacking htmx applications | With the normal flow of frontend frameworks moving from hipster to mainstream in the coming few months, during a test, you bump into this… | Sep 24, 2023
Your users are getting phished. Fight back! | TLDR: our experience on phishing submission email accounts, and some other low-cost solutions to get ahead of attackers | Jun 3, 2022
Your users are getting phished. Now what?! | TLDR: sharing some practical experience on end user phishing and what you can expect from basic ways of dealing with it. | May 28, 2022
Published in InfoSec Write-ups | Testing EDRs for Linux — Things I wish I knew before getting started | Thoughts on how to simplify your tests while keeping it real and a realistic, easy to expand initial access case. | Mar 20, 2022
How to DevSecOps — Part 4: the team | This one goes out to the people building a DevSecOps security team and the ones planning to join one, explained from the perspective of… | Nov 16, 2021
The problem with CVEs | So this one goes out to the young DevOps, shift left automation folk. I don’t think any of this is going to be new if you are an OG… | Nov 4, 2021
How to DevSecOps — Part 2: the diagnosis | Understanding the security challenges of product development and the superpowers that come with DevOps | Aug 1, 2021
Published in Nerd For Tech | Hacking Rendertron and Puppeteer - What to expect if you put a browser on the internet | tldr: do not expose Rendertron! If you run headless browsers for things other than testing, design the infra expecting they will get owned. | Jul 9, 2021
How to DevSecOps — part 1: the frame | When you find yourself over the phone, explaining something on a beach, it is a pretty good sign that you are better off typing it out at… | Jul 8, 2021