Posts

Testing TLS Clients with OpenSSL

There are many tools available to test TLS servers, but sometimes you may need to test a TLS client, just to see what ciphers and algorithms it supports. This article explains how to use OpenSSL to create a TLS server that you can modify and have clients connect to. Create some certificates If you don’t already have a server key and certificate bundle then you can follow these steps to create a CA, a CSR and a server certificate bundle for your OpenSSL server to use. ...

September 9, 2024 · 4 min

Creating incremental sized fuzz payloads in OWASP ZAP

During a recent security review I was working on a very simple web application. I needed to determine the size of a payload that would result in a “payload too large” message from the server. The idea being to start with a single character (A) and then (AA) and then (AAA) etc. until the response message changed. I could have done this with Python but as I already had a copy of ZAP open I decided to use it instead. My initial assumption was that this would be easy and straight forward. I was however surprised to find it was not. Thankfully I discovered a solution in the form of the ZAP regular expression payload generator. ...

August 25, 2024 · 2 min

Vscode Telemetry

What it’s sending and how to block it. I tried out Visual Studio Code the other day after hearing a colleague refer to it, and I think I also saw it being used in a video and I liked the look of it. So I went off and grabbed a copy and started playing. The first point of interest for me was the ability to add add-ons, one in particular being remote SSH browsing. I thought this was a great idea so grabbed that too. Here’s where the security fun starts. ...

December 10, 2023 · 5 min

Retrieving your public IP address on the command line in Linux

URL #1 $ curl http://ipecho.net/plain; echo URL #2 $ curl ifconfig.me

December 10, 2023 · 1 min

Improving your code quality in one simple step!

Want to improve your coding quality? Here’s how. Add the following line into your /etc/hosts file (Linux) or %WINDIR%\System32\drivers\etc\hosts file (Windows): 0.0.0.0 stackexchange.com

December 10, 2023 · 1 min

5th December 2023

Pipeline now in place I’ve put an auto deployment pipeline in place to make maintaining the site easy That is all for now!

December 5, 2023 · 1 min

Welcome

Welcome to my site I will be uploading lots of interesting technical and security related material here soon.

December 3, 2023 · 1 min