mikisec.bsky.social
Cyber security officer by day, a fabulous cookie by night
14 posts 12 followers 100 following

TIL: flatpak's session bus 'org.freedesktop.Flatpak' permission allows escaping the sandbox (by allowing commands to be run on the host machine). This shows the importance of not only denying access to the 'host' and 'home' filesystems.
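The check a practitioner would want after reading the post above: a small audit script, added here and not part of the original post, that scans flatpak permission dumps for the session-bus grant the post names. It assumes the INI-style text that `flatpak info --show-permissions APP` prints (the same format as the override files under ~/.local/share/flatpak/overrides/), and the two sample files it scans are constructed, not taken from a real system.

```shell
#!/bin/sh
# Added example (not from the original post): flag flatpak apps whose
# session-bus policy grants talk/own access to org.freedesktop.Flatpak,
# the permission the post describes as allowing host command execution.
# Input: the INI-style text printed by `flatpak info --show-permissions APP`
# (same format as the per-app files in ~/.local/share/flatpak/overrides/).
set -eu

# has_flatpak_portal_talk FILE
# Exit 0 if FILE grants org.freedesktop.Flatpak=talk (or =own) under
# [Session Bus Policy], 1 otherwise. Only that section is inspected, so a
# same-named key in another section (e.g. [System Bus Policy]) is ignored.
has_flatpak_portal_talk() {
  awk '
    /^\[/ { in_policy = ($0 == "[Session Bus Policy]"); next }
    in_policy && $0 ~ /^org\.freedesktop\.Flatpak=(talk|own)$/ { found = 1 }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# scan_dir DIR: print one verdict line per permission dump in DIR.
scan_dir() {
  for f in "$1"/*; do
    if has_flatpak_portal_talk "$f"; then
      printf 'ESCAPE-CAPABLE  %s (talks to org.freedesktop.Flatpak)\n' "$(basename "$f")"
    else
      printf 'ok              %s\n' "$(basename "$f")"
    fi
  done
}

# Constructed sample dumps (hypothetical app IDs) so the script runs offline.
# On a real host you would instead do something like:
#   for app in $(flatpak list --app --columns=application); do
#     flatpak info --show-permissions "$app" > "$tmpdir/$app"; done
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

# Well-confined: no host/home filesystem, only notifications on the session bus.
cat > "$tmpdir/com.example.Sandboxed" <<'EOF'
[Application]
name=com.example.Sandboxed
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
filesystems=xdg-download;

[Session Bus Policy]
org.freedesktop.Notifications=talk
EOF

# No filesystem access at all, yet it can run host commands via the bus.
cat > "$tmpdir/com.example.Escapable" <<'EOF'
[Application]
name=com.example.Escapable
runtime=org.freedesktop.Platform/x86_64/23.08

[Session Bus Policy]
org.freedesktop.Flatpak=talk
EOF

scan_dir "$tmpdir"
```

The second sample is the point of the post: it has no `filesystems=` entry at all and would pass a review that only looks for `host` or `home`, yet it still talks to `org.freedesktop.Flatpak`. To revoke the grant without rebuilding the app, `flatpak override --user --no-talk-name=org.freedesktop.Flatpak APP` writes a matching override file that this same script can re-check.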

I wrote up a post about how we hugely improved the write performance for Bluesky's timelines/following feed. If you want to learn more about how we did it, check it out. Some nuggets in there about embracing imperfection in some parts of a system to scale better. jazco.dev/2025/02/19/i...

Just discovered GNS3, open source software for creating virtual network labs (using VMs). Looks amazing! Next step is to experiment with security controls and incident response. Also cool: can sniff packets in one click between links (using Wireshark). World's most basic set-up:

Really looking forward to digital attestations being widespread ❤️ (PEP 740) I'm also hopeful that more and more developers will start switching to Trusted Publishers. Maybe a warning if it's not done yet: "You are using an API key, consider using Trusted Publishers if possible: <docs URL>"

Weekend read: What @owasp.org CRS learnt during its open source bug bounty program. coreruleset.org/20230509/wha... (Repost from 2023, covers 180+ reports and 500+ findings) #bugbounty #wafbypass #bugbountytips #weekendread

#blogvent day 4 is here! I wrote about writing! So meta! But actually though, writing for devs/a techy audience can be tough, so I tried to put together some useful tips that have helped me. Hope it's helpful! cassidoo.co/post/good-wo...

Did you know you can use an ancient magic cookie to downgrade parsers and bypass WAFs?! Hope you enjoy this quality bit of RFC-diving from @d4d89704243.bsky.social! portswigger.net/research/byp...

#blogvent Day 2 is here! I wrote about note-taking, one of my fave topics, and strategies I use to not just use notes to hoard information! cassidoo.co/post/note-ta...

Thankfully we are not getting many yet on our end. Once every few months, still a few too many when we could spend time on something else. Only 2 GitHub accounts were reported and banned for bulk spamming (us and other users & organizations), hopefully it stays at 2.