My little corner of the internet

Quite a while after it was released I finally took the time to look over the latest issue of Phrack, and there was an article that caught my attention. Namely The Hacker’s Renaissance: A Manifesto Reborn. For quite some time I’ve been thinking about the meaning of words like hacker and hacking. Is a hacker inherently a bad guy? If so, what does that say about an ethical hacker? How have this identity shifted over time? ...

Lately I have sat down to talk with a couple of different groups of people working outside of tech. As someone working with cybersecurity there was a set of statements where I had to interject. This post is a result of these discussions, with the aim to be a reference that can be used to improve the security of everyone, no great technical skills required. I will focus on how we secure our accounts, focusing on the login experience. ...

In this world of AI, no-one can miss the discussions about “vibe coding”. What that means is a the use of AI to write code to develop a product quickly, and the author doesn’t even need to know how to write code. This opens up so many possibilities, as long as the code has a high quality. I won’t dig deeply into the quality of the code produced by AI today, but for now I wouldn’t trust code written by AI to be run in production without rigorous code review and testing. However, if we assume that AI in the future would be of a quality high enough to be run, what would the impact be on Developers? I would argue that this is not a new problem, but a new version of an old problem. ...

As a penetration tester, you will inevitably find yourself involved in scoping engagements, navigating the challenges of aligning a client’s needs with their expectations. “Penetration testing” is a term that almost everyone believes they understand, yet it often carries vastly different interpretations. This ambiguity makes it more of an umbrella term, offering little insight into how the test will actually be executed or what it will cover. In this post, I’ll share my perspective on one approach to differentiating how penetration tests can be executed, helping both testers and clients clarify their expectations. ...

Lately, I’ve been thinking about the complexity of securing the software supply chain. If there’s one lesson we’ve learned from incidents like the SolarWinds and Kaseya attacks, it’s that our supply chains are increasingly becoming the weakest link in our cybersecurity defenses. What makes it even more challenging is the regulatory landscape—particularly within the European Union (EU)—which is evolving to place more responsibility on organizations to secure their supply chains. ...