Categories
Tech

Creating a Secure Environment for your Cryptocurrency Hardware Wallet

In this brief blog post I will discuss what I believe to be good practices to follow during the set-up and day-to-day usage of a Cryptocurrency hardware wallet; specifically the Ledger Nano S because it’s the one I use. This advice should still be useful for other hardware wallets as they’re all quite similar.

Categories
Tech

My Research on Misconfigured Jenkins Servers

Late last year I decided to see how many misconfigured CI/CD (continuous integration and deployment) installations I could find on the internet. I decided to focus my research on one of the most popular CI/CD applications – Jenkins. This article isn’t an attack on Jenkins in any way shape or form – any piece of software and/or hardware can be configured incorrectly… it just so happens to be that CI/CD servers often host some very sensitive configurations – some of which I will come on to in a bit.

Categories
Tech

JWT Refresh Token Manipulation

This is a quick blog about a bug I found in a private bounty program on Bugcrowd. The reason for me writing about it is to increase awareness around these issues and implementation flaws so that fellow bug bounty hunters/people in Infosec/developers can use the information in this article for the betterment of security.

Categories
Tech

Bypassing Safe Links in Exchange Online Advanced Threat Protection

In this article I will go through my findings and analysis on the Safe Links feature of Microsoft’s Office 365 Exchange Online Advanced Threat Protection.

Categories
Tech

Ninite Appsheet – Patching Just Got Easier

Ninite has long been my number one tool for deploying, updating and removing popular 3rd party applications… I especially enjoy the feeling of removing Flash and Java from any where I can get my hands on 🙂

Up until now, Ninite has been completely agentless. You get a simple light-weight .exe which you can either run by double clicking or by using switches in the CLI (NinitePro.exe).
To automate the process of deploying or updating applications you previously had to script something together and schedule the .exe to run at a schedule. I don’t mean to make it sound like scripting it to make it work in your environment is difficult – it really isn’t but sometimes it can be tricky to implement for machines that are either not on the domain or simply not on the premises to receive those updates.

Please note that these new features are designed for business/enterprise environments so only available for Ninite Pro users.