Computer security guidelines and references
Published:
A list of computer security guidelines and references.
Friends don't let friends use $http_host
Published:
Two related authority-ambiguity vulnerabilities in NGINX and Debian's proxy_params configuration snippet.
Published:
If you are trying to understand the difference between the different cryptography-related formats (PKCS#12, PKCS#8, PEM, X.509 certificate, DER, JWK, BEGIN ENCRYPTED PRIVATE KEY??? 🤯), you will hopefully find some useful information here (and a lot more you did not want to know about).
Published:
Books I have read in 2025. Should be mostly spoiler free.
Published:
Some (not so serious) cryptographic wisdom from a long time ago…
Published:
Cheat sheet for (some) reinforcement learning mathematical formulas and algorithms.
Published:
PortSwigger “Concealing payloads in URL credentials” talks about concealing XSS payloads in URL credentials. The nice thing is that this makes the payload invisible to WAFs and other server-side XSS filters. You can actually conceal the payloads in other places
Published:
My experience from the Codingame Spring Challenge 2025.
Where we learn that the sky is actually a giant blueberry smoothie 🫐
Published:
Testing ASCII smuggling using Unicode Tags on LLMs/chatbots. Nothing new here. Just a short summary.
Published:
Keycloak's UMA implementation seems tricky to me.