Recent Blog Posts

Choosing the right tool: How to pick the right programming language

Jack of all trades, master of none. Often better, than a master of one. Adam Savage Master of one When I first started programming, I had figured I would learn python. It was easy enough for a young me to learn. It was powerful and could do a whole lot. I told myself the more time I spent in this language the better I would be. I spent about two years learning python.

Read more

How to DOS Yourself With Argon2

Recently while penetration testing a clients server I found a DOS attack via a simple post request. On a page which took text input, as well as a hashing method, and returned the hash string, I was able to DOS the entire server. Starve the CPU The exploit was a simple bash script that made a POST request with the text as testing and the hash function, Argon2. Now one interesting thing to note is exactly how much CPU usage each hash function takes.

Read more

Modern Wordpress Malware

As an interpreted language, PHP has the unique problem of disclosing all of its source code. This does not benefit malware developers trying to hide their code. Obfuscation helps, but only to a certain extent. This is to the benefit of security researchers. After finding a nasty infestation on a clients site, I was intrigued by the different ways these malware devs were using the web to defeat modern anti-virus techniques.

Read more