Category Archives: Security

SaturdayMP Show 51: Cyber Insecurity in the Wild

A presentation about security issues I’ve personally witnessed. The IRL presentation is Oct 3rd, 2024 for the Dev Edmonton JavaScript, Ruby, and Python Meetup in Edmonton. Found this video useful? Then help others find it by liking, subscribing, sharing, and … Continue reading

Posted in Saturday MP Show, Security

SaturdayMP Show 50: Hack the Box Sherlock (Brutus)

In this episode I solve the Brutus Sherlock on Hack the Box with only minimal help from the walkthrough. Found this video useful? Then help others find it by liking, subscribing, sharing, and sponsoring. Have a question you want answered in … Continue reading

Posted in Saturday MP Show, Security

SaturdayMP Show 49: picoCTF Gym (Trickster & Cookies)

In this episode I show how to solve the Trickster picoCTF challenge which I got stuck on in the last video. I got some help from Weekly Dev Chat participants. I also solve the Cookies challenge. Found this video useful? … Continue reading

Posted in Saturday MP Show, Security

SaturdayMP Show 48: picoCTF Gym (Verify and Getting Stuck on Trickster)

In this episode I go over my plan for the month and then try a couple picoCTF problems. Successfully solved Verify and failed to figure out Trickster. Do you have any tips for me to solve Trickster? Found this video … Continue reading

Posted in Saturday MP Show, Security

SaturdayMP Show 36: picoCTF Gym

In this episode I do some picoCTF exercises inspired by the picoCTF 2024 competition starting. The last problem was a Unicode byte problem that I figured out with help from GitHub Copilot. I don’t fully understand the solution so let … Continue reading

Posted in Code Examples, Saturday MP Show, Security

SaturdayMP Show #25: TPS Report Uploader CTF Walkthrough (Vulnerable Blazor Application)

Happy Holidays! In this episode I do a walkthrough of the TPS Report Uploader capture the flag (CTF) I created. The walkthrough includes how to exploit the vulnerabilities and how to fix them in this .NET 8 Blazor application. You … Continue reading

Posted in Saturday MP Show, Security, Software Development

SaturdayMP Show #23: Adding Basic Auth to NGINX Passenger Docker (Part 3)

In this stunning conclusion to the 3 part series I finally get HTTP Basic Authentication working. Including merging my changes into the main branch in GitLab and making sure it works in staging and production in Render. The video is … Continue reading

Posted in Saturday MP Show, Security, Software Development

SaturdayMP Show #20: Hack the Box – Busqueda Part 3 (Root Flag)

In this episode I find the root flag for the Busqueda machine on Hack the Box. Took a wrong turn looking for Gitea and Git vulnerabilities but eventually found the root flag with help from the walkthrough. Watch part 2 … Continue reading

Posted in Saturday MP Show, Security

SaturdayMP Show #18: Hack the Box – Busqueda Part 2 (Reverse Shell)

In this episode I get a reverse shell working and make some progress on capturing the root flag. Spoiler: There is a self-hosted GitHub-like website. Watch part 1 of me hacking the Busqueda machine at: Thanks to Hack … Continue reading

Posted in Saturday MP Show, Security

Don’t Commit Sensitive Information to the Repository

One of the most common security issues I see in code reviews is sensitive information, such as production credentials, API keys, etc., in the source code. The source code I just pulled from the repository. The source code all the developers … Continue reading

Posted in Security