All Posts

Collapsology: Why Exposed RDP Isn’t Your Biggest Threat

In September 2021, I presented a conference talk entitled “Collapsology: Why Exposed RDP Isn’t Your Biggest Threat” where I gave an overview of how to identify cultural threats in a rapidly evolving business landscape, and how we can use modern-day tools to identify these threats before they result in security culture collapse.



TIL: How to Create Multiple Endpoints in Azure Function with Golang

Hello and welcome back to another “Today I Learnt”, where I document some of the exciting things I have learnt to do! Today I’ll be showing you how to support multiple endpoints in Azure Function with a custom handler.



TIL: How to improve language detection using langdetect

Welcome to the second TIL ✌🏻, where I share small lessons I’ve learnt. These generally aren’t substantial enough to be their own fully-featured blog post but are worth sharing, just in case someone else is looking at the same problem.



Why We Should Remove Lazy From Our Vocabulary

Lazy is a word I see much too frequently. Sometimes it comes up as the key reason a web application is insecure or because an internal network is missing a backlog of patches. Sometimes it’s used to explain people’s attitudes towards security in general or their lack of acceptance of a particularly scathing report.



TIL: How to include media in Anki cards using Genaki

Welcome to the first TIL ✌🏻, where I share small lessons I’ve learnt. These generally aren’t substantial enough to be their own fully featured blog post but are worth sharing, just in case someone else is looking at the same problem.



Windows 95 File Cross Stitch Pattern

Hey there! 👋 If you follow me on the bird platform you’ll know I’ve been spending a lot of my downtime working on needlepoint and have slowly been working my way through Windows 95 icons:



Zine - Reading RFCs - Email

Welcome back! ♥️ In 2018, I wrote a Twitter thread that went semi-viral after I did some research about email RFCs and found some fun examples of email addresses that are valid but not well supported.



Windows 95 Notepad Cross Stitch Pattern

Hey there! 👋 It’s been a while since my last post and while I haven’t written much I’m still here. I recently got a new job and so have been dedicating a lot of time and mental focus to that so haven’t been as focused on research and development after hours, but I have a few drafts that I’m working on so keep your eyes peeled for those.



2020 In Review

Well, it was all a bit shit hey? At the start of the year I don’t recall exactly what my plans were but I can tell you right now, for the most part it didn’t involve not being able to travel, or being confined to my house for 23 hours a day, but we persevered and needless to say the outcome was good.



Introducing Threats Manager Studio with Simone Curzi

I co-hosted OWASP DevSlop with Nikki, Nancy, Faith, Isaiah, Rahul and spoke to Simone Curzi, Principal Consultant from Microsoft Consulting Services about his new tool Threats Manager Studio (TMS).



Creating a Honeytoken User in Office 365

As part of my current project to harden Office 365, I have proposed to my partner in “Don’t Do” Crimes that we should conduct some phishing and other fun little war games to work out how we can implement some more proactive security controls Spy vs. Spy style.



Part 3: Creating a CI/CD Pipeline in Azure DevOps

If you’re just tuning in, I would highly recommend you go and check out Part 1 and 2 of this series:



Part 2: Advanced Configuration of Sphinx

If you’re just tuning in, I would highly recommend you go and check out Part 1 of this series, Part 1: Creating a Blog on Sphinx.



Part 1: Creating a Blog on Sphinx

Install and setup Sphinx, ablog and pydata_sphinx_theme.



A New Blog Built with Sphinx on Azure

20 November 2020 was the last day I used Netlify to build errbufferoverfl.me. But don’t be fooled! This time it wasn’t by choice. The Hugo site that I had finally settled on suddenly failed to build, even if I went back as far as a month to the last successful build.



Part 2: Why does Culture Hacking Matter?

Failure in this system is like a cliff in the dark, a precipice at night that we can’t see until it is too late and we are about to tumble over it. We’re afraid of it, waiting for us out there in the darkness, and all we know is that we never want to get too close in our wanderings.



A Review of Practice Cloud Security or the First Book I Finished this Year

Practical Cloud Security: A Guide for Secure Design and Deployment



Part 1: Culture Hacking

Hi 👋🏼 and welcome to the first part of a series on culture hacking! Your first question might be, what exactly is culture hacking, and why should I care about it?



Satisfying Clause 4: Context of the Organisation

This is the second time I am writing this because bad habits die hard, and Word didn’t save my first draft, because I never enabled that feature so who’s really at fault here? Obviously, the computer.



Hello World! 🌏

So, recently, no scratch that, for a while I’ve been considering implementing an information security management system (ISMS) at home. People have asked why, and the answer comes down to one of two reasons:



Are you crazy? I can’t swallow that.

Now what? Humans dating robots is sick. You people wonder why I’m still single? It’s ‘cause all the fine robot sisters are dating humans! Bender, being God isn’t easy. If you do too much, people get dependent on you, and if you do nothing, they lose hope. You have to use a light touch. Like a safecracker, or a pickpocket.



A Brief History of Tamper Evident Locks

In this talk I discuss common “canary locks” or locks with tamper evident mechanisms through the ages. I trawled through 11,335,427 patents to identify several high and low profile locks and their known, or speculated, bypass techniques.



Part I: Agloe, what the map makers-of the 1930s can teach us about protecting data in 2018

Throughout 2018, I presented a conference talk entitled “Agloe: What the map makers-of the 1930s can teach us about protecting data in 2018” where we looked back to the 1930s to see what the General Drafting Company could teach us about securing data and breach notification in the modern day. In the talk I discussed how, using free and open-source solutions, defensive thinking and a bit of creativity, we can easily identify network breaches and catch the bad guys in the act.
