Posts
Making Life Easier in the Bounty Admin World
From a triager's point of view, bug bounty programs are truly a wonderful world. One report is just a 5 min video, showing a cracked Burp and Notepad texting you, "it works - BOOM 💥" - yet this is a good finding that no external pentesters, no threat modelling architects and no SAST/DAST/SCA tools have managed to identify. Another report could come at 7PM on Friday describing a "critical criticality" vulnerability that turns out to be some information disclosure with no real security impact.
BSides Vilnius 2024
I always thought about how the local security community in Vilnius / Lithuania could be more lively and active. When you think about it, one way to make the scene more lively could be more meetups and events, but what kind of events best fit this purpose? From 0 to 1. Last December, while lurking in the local infosec Discord channel, I noticed some invites to meet for drinks.
OWASP Vilnius - 2023 November Meetup
A few weeks back, it was still November, but already not the pretty kind - autumn leaves and colors faded away so quickly, and all of a sudden it was dark and cold. However, a post popped up which brightened the day - there was a call for presenters for the OWASP Vilnius meetup. It doesn't happen that often, and this was supposed to be the second real-life meetup after Covid, so I did not hesitate and offered my help.
Getting Quotes Right in Hugo
It's November, so it's dark, cold and gloomy. That's when there's more time and will to get back to the blog, which has accumulated some dust. I opened the website, but the first thing I saw was one old problem that always annoyed me - the quotes, which were not displaying correctly. This was always at the top of the website's tech issues backlog. Here's how I finally fixed it this evening.
Scot-Secure 2023
I don't talk at events that often; it's hard to find the right occasion and the time to prepare. This week though, I had an opportunity to visit Scotland for the second time ever, where the Scot-Secure 2023 conference was taking place. The Conf. It took a while to arrive in Edinburgh through Frankfurt, so I decided to just rest at the hotel with a few beers and go through the slides one last time.
ChatGPT: What's on the Security Horizon?
The end of 2022 is marked by the explosion of ChatGPT, a state-of-the-art natural language processing (NLP) model developed by OpenAI. It is trained on a massive dataset of human conversations and is capable of generating human-like responses to a wide range of prompts. While ChatGPT has the potential to revolutionize the way we interact with computers and assist with various tasks, what are the considerations when it comes to security?
Kubernetes and Cloud Native Associate Review
I've been interested in Kubernetes security for a while now. This interest still keeps growing, and lately I seem to be getting involved with Kubernetes more and more, so I wanted to get certified in this. A quick search led to Certified Kubernetes Security Specialist, but I decided that this is going to be a fun ride and it's best to start from the beginning. A few weeks back I took the exam and got certified for KCNA (Kubernetes and Cloud Native Associate).
Hacking APIs Book Review
I wanted to get a book specifically about API security for a while now. While reading another APIsecurity.io newsletter issue, I browsed Amazon for API security books. There weren't too many, but I saw an upcoming (at that time) release from No Starch Press, Hacking APIs: Breaking Web Application Programming Interfaces by Corey J. Ball, which I decided to pick up. APIs, APIs Everywhere. Undoubtedly, APIs are an important part of the whole security picture, yet they somehow feel underrated.
AWS Certified Cloud Practitioner Review
ID: 0x02
A few months back, I was immersed in AWS, spinning EC2 instances up, configuring networks and editing S3 access policies for an internal security tool. There were multiple situations where I would stumble upon something I was not sure about, and curiosity led me to YouTube videos of varying quality. I thought it would be good to get through a course covering AWS from the ground up and maybe get a certification.
Hello World
Hello world. Once again. Nothing out of the ordinary happened - the other day I was browsing some old directories, when I saw a bunch of old sketches of a blog and a personal website. Then I glanced at the list of things I wanted to write about, and decided that it's time for the blog to come to life. I don't think I could live without Markdown and I wanted things to run in Go, so I decided to go with Hugo.