Category Archives: Security

SaturdayMP Show #25: TPS Report Uploader CTF Walkthrough (Vulnerable Blazor Application)

Happy Holidays! In this episode I do a walkthrough of the TPS Report Uploader capture-the-flag (CTF) I created. The walkthrough includes how to exploit the vulnerabilities and how to fix them in this .NET 8 Blazor application. You …

Posted in Saturday MP Show, Security, Software Development

SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)

In this stunning conclusion to the 3-part series I finally get HTTP Basic Authentication working, including merging my changes into the main branch in GitLab and making sure it works in staging and production in Render. The video is …

Posted in Saturday MP Show, Security, Software Development

SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)

In this episode I find the root flag for the Busqueda machine on Hack the Box. I took a wrong turn looking for Gitea and Git vulnerabilities but eventually found the root flag with help from the walkthrough. Watch part 2 …

Posted in Saturday MP Show, Security

SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)

In this episode I get a reverse shell working and make some progress on capturing the root flag. Spoiler: there is a self-hosted GitHub-like website. Watch part 1 of me hacking the Busqueda machine at: Thanks to Hack …

Posted in Saturday MP Show, Security

Don’t Commit Sensitive Information to the Repository

One of the most common security issues I see in code reviews is sensitive information, such as production credentials, API keys, etc., in the source code. The source code I just pulled from the repository. The source code all the developers …

Posted in Security

Saturday MP Show #17: Hack the Box – Busqueda (User Flag)

In this episode I find the user flag for the Busqueda machine on Hack the Box. Perhaps with a little help from the walkthrough and ChatGPT to assist with my lack of Python knowledge. Thanks to Hack the Box …

Posted in Saturday MP Show, Security

See you at BSides Edmonton 2023

I am excited to announce that I’ll be attending BSides Edmonton this year! I’m looking forward to increasing my cyber security knowledge from the talks, CTF, and fellow attendees. Specifically, I’m looking to learn the latest best practices for protecting my clients’ websites and …

Posted in Security

Today I Learned about Gobuster

I’ve made it a goal for 2023 to increase my security knowledge. This was based on an increase in security-related questions from clients, specifically related to website security, as most of my current work is maintaining websites for clients. One …

Posted in Security, Today I Learned

Rate Limiting Using Nginx and Fail2Ban – BSides Edmonton 2022

I’m honored to be presenting at BSides Edmonton on November 25, 2022. I’ll be demoing rate limiting using nginx and Fail2Ban. You can find the demo here in case you want to follow along during the demo or you want a preview/spoiler. While I’m …

Posted in Code Examples, Presentations, Security