Designing for exploitationAn overview of the possible future of automated exploitation systems and how we could defend against themJan 14, 20201Jan 14, 20201
Building Your Own Web Application Firewall as a Service And Forgetting about False PositivesThe following post is a reproduction of a paper of mine which was included in the In Depth Security Vol. III book which is compiled by the…Jan 3, 2020Jan 3, 2020
Detecting attacks and improving response through the use of real time security featuresAn overview on the benefits of using real time features in SIEM’sAug 22, 2019Aug 22, 2019
Exploiting A/B Testing for Fun and Profit (Part 2)This is the second part of a post based on a talk I gave in the Ekoparty security conference in 2016 on exploiting A/B testing frameworks.Aug 13, 2019Aug 13, 2019
Exploiting A/B Testing for Fun and Profit (Part 1)This post is based on a talk I gave at the Ekoparty security conference in 2016. Given the amount of requests I had on the subject I’m…Aug 13, 2019Aug 13, 2019
Expanding labeled datasets through correlated featuresAn approach to improve model generalisationJul 22, 2019Jul 22, 2019
Reducing your Google Pub/Sub costs over 95% by micro-batching with Google Cloud StorageUsing streams to separate components logicMar 28, 20193Mar 28, 20193
Persistant GCP backdoors with Google’s Cloud ShellCloud Shell GCP Google Cloud SecurityOct 27, 2018Oct 27, 2018
Auditing ssh activity with docker containersSince I got several request of similar ventures I’m writing a post on a way to log ssh connections with Docker while mentioning other…Feb 18, 2016Feb 18, 2016
Blocking docker from the instance metadata service in AWS and OpenstackOne of the many benefits of docker is to contain applications in their own “stacks” which improves their security. Yet an issue is that in…Aug 31, 2015Aug 31, 2015