I write about security and privacy. I regularly post original security research, custom tools, and detailed technical guides.
Continuous Security, DevOps, and DevSecOps
My NoSQL Injection tool now scans for additional types of PHP GET injections.
How to find security bugs and privacy violations using attack proxies. An introduction.
NoSQLi is a CLI tool for testing NoSQL databases, particularly MongoDB. It is very fast, simple to use, and easy to automate.
Reading a book on a Kindle sends Amazon a lot of data about reading habits: how fast pages are turned, font sizes and views, and device details.
Notes from various DEFCON talks, conversations, and Q&A sessions.
Best practices for managing secrets when building and deploying applications.
Modern anti-protester tactics include many things: cell phone monitoring, communications disruptions, social media blocking, social media monitoring...
Investigation of the practice of port scanning site visitors for fingerprinting and tracking.
A structured list of security learning resources.