DIOGOMONICA.COM
WHY YOU SHOULDN'T USE ENV VARIABLES FOR SECRET DATA When you store your secret keys in an environment variable, you are prone to accidentally exposing them, exactly what we want to avoid. Here are a few reasons why ENV variables are bad for secrets: Given that the environment is implicitly available to the process, it's hard, if not impossible, to track access and how the contents get exposed
A PIRATE'S TAKE ON COMMAND VS. LEADERSHIP
A PIRATE'S TAKE ON STRATEGY VS TACTICS
WHY SHOULD *HARD* BE SECURE ENOUGH? INFORMATION AND NON-INVERTIBILITY The guarantees provided by hashes are of critical importance for security. One of the major points of hashes is, of course, their non-invertibility. However, even though I know how to do the necessary bitwise rotations and modulus additions to compute [insert favorite hash
SNIFFING IN MONITOR MODE WITH AIRPORT After this, you can sniff any channel in monitor mode, with your airport card: After executing this command, your wireless card is in monitor mode sniffing the channel you specified. There should be an eye on the airport symbol: From this moment on, airport will save all the packets seen in the specified channel to a randomly created file in /tmp.
PASSWORD SECURITY: WHY THE HORSE BATTERY STAPLE IS NOT CORRECT
PACKET INTER ARRIVAL TIME WITH SCAPY I wanted to capture, for statistical purposes, the inter-arrival time of packets sent from a remote machine. In scapy, all packets have a parameter "time", which contains the unix time of the system when the packet is received.
BOT WARS - THE ARMS RACE OF RESTAURANT RESERVATIONS IN SF The restaurant is nothing short of spectacular. Unfortunately, SBP got noticed by the San Francisco foodie community. This meant that the reservations page started to consistently return the following status: No reservations are currently available. Reservations are taken online up to 60 days in advance. As tables become available, they will be
FROM F TO A+: GETTING GOOD GRADES ON WEBSITE SECURITY EVALUATIONS Even though diogomonica.com is a statically generated blog, created using Jekyll, it's always fun to run it through security evaluation websites such as SSL Labs and Security Headers. Unfortunately, last week, when
CHANGE YOUR MAC WITH PY-MACTOOL I've had to change my MAC address for countless reasons. Either because I was doing some penetration testing, or just to debug some network errors. The most recent motive for changing my MAC
CRYPTO ANCHORS: EXFILTRATION RESISTANT INFRASTRUCTURE I've been thinking about a concept that Nathan McCauley and I came up with a few years ago: crypto-anchoring, and how much impact this kind of architectural decision could have in the breaches. A Crypto-anchor is a service that forces a data-flow to only be available within the boundaries of your infrastructure. Let's take a look at a couple more examples of using crypto-anchors: Data-flow: You have a credit-card processing service that needs the ability to temporarily persist and later decrypt end-to-end encrypted credit-card data
BITCOIN HARD-FORKS AND REPLAY ATTACKS Dealing with blockchain hard-forks seems to have become an unfortunate and time-consuming reality of working in the cryptocurrency space these days: all the cool kids seem to be doing it. With the looming possibility of yet another Bitcoin hard-fork come November, the rumor mill has started spitting out
IT'S NOT JUST THE SALT, STUPID There have been hundreds of articles about the recent password hash leaks from Linked-in and eHarmony. One particular detail that most of these articles seem to have in common is the fact that they point at the inexistence of a "salt" as the security mistake that made this leak particularly damaging. While it is true that the salt is a very important component of any good password hashing
SKYNET (BETA): THE RISE OF THE BEAM ROBOT At work we bought a few telepresence robots from SuitableTech called Beam. The Beam robots allow anyone from a remote location to have face-to-face interaction with the people at our HQ. Each Beam robot boasts two wide-angle HD cameras, a 6-microphone array that cancels echo and reduces background noise, a
RAISING THE DEAD Actually undeleting stuff. After everything is mounted you can now run extundelete: This command will create a RECOVERED_FILES folder in your current directory. Make sure you are in /tmp or some other LiveCD in-memory partition. After you recover the files, scp them off to a remote machine and you are done. Good luck.
INCREASING ATTACKER COST USING IMMUTABLE INFRASTRUCTURE One neat thing about Docker containers is the fact that they are immutable. Docker ships with a copy-on-write filesystem, meaning that the base image cannot be modified, unless you explicitly issue a commit. One of the reasons why this is so handy is that you get to check for drift really
WEIRD PACKET OF THE DAY Once in a while I open wireshark and just look at my baseline traffic. It's useful for when I actually want to find something weird to quickly distinguish between what's normal and what looks fishy.
THE DANGERS OF PASTEBIN-LIKE WEBSITES Services like pastebin.com are useful for sharing and discussing code. However, people trust the generated URLs to be unknown to anyone else,
HITLESS TLS CERTIFICATE ROTATION IN GO One of the core security goals of Docker's Swarm mode is to be secure by default. To achieve that, when a new Swarm gets created it generates a self-signed Certificate Authority (CA) and
MONITOR VS PROMISCUOUS One of the confusions I see often in wireless sniffing related discussions, is the difference between Monitor and Promiscuous mode. Many people seem to think that setting the wireless interface in promiscuous mode is equivalent to setting it in monitor mode.
DIOGO MÓNICA
CO-FOUNDER AND PRESIDENT @ANCHORAGE
business
A PIRATE'S TAKE ON COMMAND VS. LEADERSHIP Tired of being told that you should be a leader? Do not worry. Pirate captains had great leadership skills, and they were still beaten to oblivion by Navy Captains who exercised pure command on their ships.*
Diogo Mónica
4 min read
business
A PIRATE'S TAKE ON STRATEGY VS. TACTICS Strategy vs. Tactics is one of the most written-about topics in business, but most business books seem to explain it in ways that hinder both the clarity of thought and the establishment of good conceptual frameworks.*
Diogo Mónica
7 min read
crypto-anchors
CRYPTO ANCHORS: EXFILTRATION RESISTANT INFRASTRUCTURE I've been thinking about a concept that Nathan McCauley and I came up with a few years ago: crypto-anchoring—and how much impact this kind of architectural decision could have in the breaches*
Diogo Mónica
5 min read
bitcoin
BITCOIN HARD-FORKS AND REPLAY ATTACKS Dealing with blockchain hard-forks seems to have become an unfortunate and time-consuming reality of working in the cryptocurrency space these days: all the cool kids seem to be doing it. With the looming*
Diogo Mónica
3 min read
THE TWO METRICS THAT MATTER FOR HOST SECURITY As companies move their infrastructures towards ephemeral microservices, there is an opportunity to rethink some of the security metrics typically used to track infrastructure risk, such as the number of currently unpatched vulnerabilities*
Diogo Mónica
3 min read
docker
WHY YOU SHOULDN'T USE ENV VARIABLES FOR SECRET DATA The twelve-factor app manifesto recommends that you pass application configs as ENV variables. However, if your application requires a password, SSH private key, TLS Certificate, or any other kind of sensitive data, you*
Diogo Mónica
2 min read
hash
WHY SHOULD *HARD* BE SECURE ENOUGH? INFORMATION AND NON-INVERTIBILITY The guarantees provided by hashes are of critical importance for security. One of the major points of hashes is, of course, their non-invertibility. However, even though I know how to do the necessary*
Diogo Mónica
7 min read
docker
HITLESS TLS CERTIFICATE ROTATION IN GO One of the core security goals of Docker's Swarm mode is to be secure by default. To achieve that, when a new Swarm gets created it generates a self-signed Certificate Authority (CA) and*
Diogo Mónica
8 min read
docker
BUILD ONCE RUN WHERE? MIGRATING MY BLOG TO HYPER.SH A few months ago, I ran into a cool new product called hyper.sh, a Docker container hosting platform. The goal of hyper.sh is to make it easier to deploy your containerized*
Diogo Mónica
3 min read
docker
INCREASING ATTACKER COST USING IMMUTABLE INFRASTRUCTURE One neat thing about Docker containers is the fact that they are immutable. Docker ships with a copy-on-write filesystem, meaning that the base image cannot be modified, unless you explicitly issue a commit.*
Diogo Mónica
4 min read
csp
CREATING A CSP POLICY FROM SCRATCH When I added the Content-Security-Policy (CSP) security header to my website, I was more concerned about getting a good rating on securityheaders.io, than actually creating a good policy. In this post I'll*
Diogo Mónica
6 min read
csp
FROM F TO A+: GETTING GOOD GRADES ON WEBSITE SECURITY EVALUATIONS Even though diogomonica.com is a statically generated blog, created using Jekyll, it's always fun to run it through security evaluation websites such as SSL Labs and Security Headers. Unfortunately, last week, when*
Diogo Mónica
5 min read
passwords
PASSWORD SECURITY: WHY THE HORSE BATTERY STAPLE IS NOT CORRECT I’ve intentionally kept myself from commenting on Password Security in the wake of the last month’s mass iCloud account compromise. My feeling was that this topic had already been discussed to*
Diogo Mónica
5 min read
mptcp
MPTCP: THE PATH TO MULTIPATH I first heard about MultiPath TCP (MPTCP) in 2007 when I met Olivier Bonaventure in Louvain-la-Neuve, Belgium. In the meantime MPTCP has been gaining a ton of traction, from having Apple using it*
Diogo Mónica
1 min read
beam
SKYNET (BETA): THE RISE OF THE BEAM ROBOT At work we bought a few telepresence robots from SuitableTech called Beam. The Beam robots allow anyone from a remote location to have face-to-face interaction with the people at our HQ. Each Beam*
Diogo Mónica
4 min read
bot
BOT WARS - THE ARMS RACE OF RESTAURANT RESERVATIONS IN SF I love food. This means that I'm bound to compete for reservations at good restaurants with the hipsters that are native to San Francisco. This is a peek into the arms race going*
Diogo Mónica
2 min read
WEIRD PACKET OF THE DAY Once in a while I open wireshark and just look at my baseline traffic. It's useful for when I actually want to find something weird to quickly distinguish between what's normal and what*
Diogo Mónica
2 min read
RAISING THE DEAD - UNDELETING FILES IN EXT4 Chances are that you have, at least once in your life, deleted files that you had no backups of. This is how I partially recovered some of my files after deleting them on*
Diogo Mónica
1 min read
terminal
HUSH OS X TERMINAL, HUSH I've been noticing for a while a huge delay when opening new tabs and windows on iTerm (or terminal.app). This would range from 3 to 7 seconds when opening a new tab.*
Diogo Mónica
1 min read
crypto
IT'S NOT JUST THE SALT, STUPID There have been hundreds of articles about the recent password hash leaks from Linked-in and eHarmony. One particular detail that most of these articles seem to have in common is the fact that*
Diogo Mónica
2 min read
EXPLOIT-SUGGESTER
This tool essentially outputs a list of exploits that you might want to try out after you gain local access to a host. Nothing you cannot do manually, and not the most brilliant*
Diogo Mónica
1 min read
THE DANGERS OF PASTEBIN-LIKE WEBSITES Services like pastebin.com are useful for sharing and discussing code. However, people trust the generated URLs to be unknown to anyone else, other than the people we want to share them with.*
Diogo Mónica
2 min read
python
DEAD SIMPLE HTTPD IN PYTHON Sometimes, this is all you need: glow:~ dmonica$ python -m SimpleHTTPServer 8000 Serving HTTP on 0.0.0.0 port 8000 ... This simple command has saved me hours of precious time. I've even*
Diogo Mónica
1 min read
wifi
SNIFFING IN MONITOR MODE WITH AIRPORT Sniffing in OS X has been a reality for quite some time, thanks to the effort of people like the guys from Kismet (https://www.kismetwireless.net/) and KisMAC (http://trac.kismac-ng.org/*
Diogo Mónica
3 min read
python
FACEBOOK SIDEJACKING I've just released a tool called py-cookieJsInjection on github (see Part II of this post here). py-cookieJsInjection is a python script that sniffs cookies from the network, and outputs Javascript code that can*
Diogo Mónica
2 min read
Diogo Monica © 2021