Category Archives: Security

Playing with Content Security Policy (CSP) today…

Playing around with Content Security Policy (CSP) today. Found these resources so far that I like: CSP Is Awesome; Report URI; Content Security Policy (CSP) Quick Reference Guide. Any other suggestions?

Posted in Security

Injection on Windows

So, I’ve been playing around a bit with DLL injection on Windows. The basic process is: identify the process; open the target process; create a buffer in the target process that’s large enough to hold the path to the DLL … Continue reading

Posted in Security

The Witchcraft Compiler Collection by @endrazine

In case you missed Defcon 24 or were there and happened to miss this talk, this is some amazing stuff. It’s called the Witchcraft Compiler Collection (WCC) by my co-worker and friend, Jonathan Brossard. Some things you can do with … Continue reading

Posted in Open Source, Security | 1 Comment

An Overview of HSTS

What is HSTS? HSTS stands for HTTP Strict Transport Security.  It’s a web security policy that allows a web server to inform a web browser that it should only be accessed over HTTPS and never HTTP.  It also helps prevent … Continue reading

Posted in Security

XML External Entity attack (XXE) in a Nutshell

The XXE attack has been around for a few years, but hasn’t gotten much attention until the last couple of years with some high-profile cases in Facebook and PayPal. So, what is the XML External Entity attack? XXE is an … Continue reading

Posted in Security