Write Laravel for a living? Maybe make sure that you don’t let your web server serve your .env files. Sample Google search: db_username filetype:env … Continue reading "PSA: Make sure that your server is not serving your .env file"
Recently, I was poking around on Shodan (as I do when I am bored) and I stumbled across an interesting query. If you search for “Default: admin/1234”, you get over 14,000 devices that are broadcasting their own default username and password. The devices appear to be Edimax routers. I reached out to both EmbedThis and Edimax to ask them about this. … Continue reading "Why are the default credentials in the realm attribute?"
I have been playing around with the Web Cryptography API a lot lately. My most recent post was about getRandomValues(). I wanted to take a moment to investigate two more methods: generateKey() and exportKey(). The generation of a good cryptographic key is fairly fundamental. I wrote up a short demo app to demonstrate how the two … Continue reading "How to generate keys with the Web Cryptography API"
Whether you are attacking a computer or protecting it, proper intelligence about a computer is important. A very powerful option for learning about a given system is Nmap. According to Nmap’s website: “Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) …” Continue reading "How to use Nmap to identify what a server is running"