Hi! Welcome to my blog.

Latest Posts

 

• One-byte challenge post

  One of my students, after reviewing their graded exam, expressed disagreement with a slightly lower mark. The deduction stemmed from an imprecise calculation and rough approach, in a stack-based buffer...

• Predicting CVSS Vectors with text embeddings and random forests

  Tired of hearing/reading only about generative AI models? This post explores how Artificial Intelligence and Machine Learning can help with a very real cybersecurity problem.

• Undisclosed Home Routers Full Takeover

  Recently, I came to own some Customer Premises Equipment (CPEs). You might wonder why. Well, occasionally, when I’m feeling bored, I enjoy testing the vulnerabilities of embedded devices, while staying...

• Backups with Bup

  Time Machine never really worked for me. Network backups were slow and unreliable, and to make matters worse, my Apple TimeCapsule broke when I needed it the most, causing me...

• Vulnerability Management Metrics

  In my previous job (at the time of writing) I have been leading the Vulnerability Management Team for Facebook (nowadays Meta).

• Stress and Burnout

  I have been thinking about writing this note for a long time. I went through busy times, writer’s block, and some sort of impostor syndrome which told me “why would...

• H4CK1NG G00GL3 - Main challenges write-up

  This is my write-up of H4CK1NG G00GL3’s main challenges. Hacking Google is a sui generis CTF and, hands down, my favourite CTF so far.

• Mocking Filesystem, File and FileInfo in Golang unit tests

  As a beginner, I found it difficult to write unit tests in GoLang for anything that use actual production resources, like filesystems, APIs, or databases. In this post, I put...

• Terraform - AWS Lambda via SQS

  While playing around with Terraform, I realized how hard it is to find a simple working example for spinning up a Lambda function triggered by SQS messages. As a way...

• Binary Exploitation - PWN101 Write-up

  This is the write-up for the PWN101 room on TryHackMe, created by Jopraveen. You can find the room (Difficulty: Medium) will all the challenges here.

• RSA signatures with TPM2.0 and OpenSSL

  What I am going to show applies to any Trusted Platform Module (TPM) implementing TPM2.0 specs. However, I wrote this article after spending two days trying to use the Minnowboard...