ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT First look I know the challenge is a website so open up the IP:Port address in a browser. It forwards to /auth: I’m given a simple login screen (user and password) with two buttons, “Login” and “Register”. First, lets see how it is supposed to work and then…
Intro Key to transporting anything over the internet these days, is encryption. For a tunnel, this involved encrypting the whole packet that would be your payload. We don’t want anyone along the path to be able to intercept packets and see what the unencapsulated traffic would look like. Especially in the case of LAN to…
Intro There are many ways to implement the UDP handling. Since I’m primarily interested in using UDP to tunnel traffic from a client to a server, both of which are known and controlled by me, I’m going to implement a udp_tunnel. This is different to say, how a DNS server would work, listening on a…
Intro A part of the project I’ve been working on requires the use of a virtual network device. Traditionally, this would be a tun/tap device. The user-space program would register a new tunnel device connected to /dev/net/tun, which presents the user with a tun0 device to which you can assign an IP address etc. IP…
Intro In the last post, I mentioned the /proc system but never got much further. We’ll delve a little deeper in this post. So what is /proc anyway? According to wikipedia – “The proc file is a special file system … that acts as an interface to internal data structures in the kernel. It can be used to obtain…
Intro As a packet slinger by trade, a network admin, and also a bit of a programmer, I lately embarked on a quest for better throughput – to find a way to get more packets to pass through a rather small footprint low-cost device running a VPN tunnel. I will review my findings here over the…
The “Inspired” book – by Marty Cagan This post is based on resources from the excellent and popular book from Marty Cagan on Product Management. Here are some resources for summaries and excerpts from the book, which is a must-read for anyone developing a SaaS software product. https://www.amazon.ca/INSPIRED-Create-Tech-Products-Customers/dp/1119387507/ref=dp_ob_title_bk https://www.mightybytes.com/blog/inspired-marty-cagan/ https://svpg.com/assessing-product-opportunities/ https://svpg.com/ – Marty’s website and blog…
We have recently launched a new service to help new clients who need some help with a (semi-)urgent server, network, or code issue which might only need a few hours of an expert’s time to resolve. This service, called Get Me Out Of Trouble, is designed to quickly match up your unique need with an…
Recently, at LinuxFest 2019, Rob presented on Node-RED. Here is an interview with Rob about what this is all about, and a link to the Youtube video recording. Here is what he covered: Connecting to a Raspberry Pi’s GPIO for digital I/O. Connecting to Google Home and Google Assistant for voice I/O. Connecting to Slack…
Myself and Richard will be presenting at the BC Tech Association next Thursday. We will be sharing our story on how we repurposed DevOps, software development, and system montioring tools to transform our business by visualizing the key drivers to our model. Learn why this important for any business and team, and what happens if…
