Implementing a Password Strength Indicator

Passwords are a mostly necessary part of almost all web applications. A lot of research has gone into how applications should deal with passwords, from the UX of password creation, to the storage of passwords. Large password breaches have taught the security industry...

MiTM using Golang, meet Timmy

This post is an introduction to Timmy (Tiny evil man in the middle). There are a lot of MiTM tools used to assess software that communicates via TCP/IP. They all have a few basic ingredients, but often differ stylistically or in their intended use cases. Burp can do...

Securing M2M Gateways

There are a staggering number of M2M gateways on the market. In some cases, gateways are designed and marketed for specific use-cases, such as in-vehicle connectivity and fleet management, sensor data aggregation and telematics, and home automation and management....

Patching BL/BLX instructions in ARM

We are often looking at ARM binaries in our favorite disassembler as we work on mobile applications and “Internet of Things” devices. As we worked on this binary we discovered a particular branch instruction that we wanted to modify. If you are familiar...

Look Ma! Dotless Domain Names!

Making small changes to complex high availability systems can have extreme consequences. When these systems provide critical services to the entire planet – like, say, the Domain Name System – even minor changes must be analyzed very carefully. That’s why ICANN hired...