Exploring the WebAuthn API; a bare-bones JS app

Posted on by David Vassallo

I had no idea the WebAuthn API even existed until I came across this article by @herrjemand. In that article, the author used WebAuthn to automatically generate and save passwords in the Chrome credential manager. What more can this browser API do? How would you use it? What is WebAuthn - and why the buzz? We know passwords are a necessary evil. Credential managers are a hassle to setup and use, passwords are re-used across sites and applications - and we often choose weak or easily-guessed passwords. WebAuthn is oft touted as a "password killer". We've seen … Continue reading Exploring the WebAuthn API; a bare-bones JS app

Advertisements

Part 2 – Inspired by Gatsby.js : Rolling your own GraphQL powered WordPress API (this time with Spring Boot)

Posted on by David Vassallo

In the first part of this two-article series, we explored rolling your own WordPress GraphQL adapter, inspired by the work done by GatsbyJS, written in Javascript and hosted on GraphCool. In this article, we'll build the same thing, this time using Java. Spring Boot and GraphQL Java Kickstart make this quite easy. Pre-requisites For anyone … Continue reading Part 2 – Inspired by Gatsby.js : Rolling your own GraphQL powered WordPress API (this time with Spring Boot)

Voice Controlled Christmas Tree Lights

Posted on by David Vassallo

What we're building: https://youtu.be/Lgtpi0k7FD8 It's a great project to get started with learning about IoT, and Alexa. Hardware Particle Photon micro-controllerAdafruit Featherwing mini-relay (https://learn.adafruit.com/mini-relay-featherwings/overview)Amazon Alexa (Dot in my case...)Optional for some extra holiday cheer: Adafruit NeoPixel Stick (https://www.adafruit.com/product/1426) Circuit Diagram Fritzing file can be found here: https://github.com/dvas0004/SmartMote/blob/master/SmartMote_v1.fzz Notes, tips and tricks about the Hardware The … Continue reading Voice Controlled Christmas Tree Lights

Pentesting gRPC-Web : Recon and reverse-engineering

Posted on by David Vassallo

gRPC-Web has reached General Availability! The official blog announcement can be found here: https://grpc.io/blog/grpc-web-ga gRPC makes leveraging Protocol Buffers extremely easy, and ProtoBufs in and off itself has some very good advantages over REST when it comes to performance and contract-based development. However so far ProtoBufs are used typically in the backend to facilitate inter-microservice … Continue reading Pentesting gRPC-Web : Recon and reverse-engineering

Android hacking tools update for Sept 2018

Posted on by David Vassallo

This article outlines a few "lessons learned" during an Android pen-test, specifically on which parts of my toolset I needed to update to accommodate newer android versions (Android v7+) MultiDex support One of the standard pen-test techniques is to decompile the App's source code. Typically this is done by converting the APK DEX code to … Continue reading Android hacking tools update for Sept 2018

Scraping real estate prices using python and visualization using maps

Posted on by David Vassallo

TL;DR An interactive map, accurate as of 13/08/2018 showing property prices per square meter in various areas of Tallin: https://dvas0004.github.io/TallinnRealEstate/ Data shown is for 3-bedroom apartments (resource limitations). Green is less expensive, red is more expensive. Clicking on a data point will show a popup containing the actual price per square meter for that data … Continue reading Scraping real estate prices using python and visualization using maps

Lessons learnt: Of Spring Boot + OAuth2 + redirect URIs

Posted on by David Vassallo

TL;DR: make sure NGINX is setup correctly (proxy_set_header) before messing around with your code. Scenario: Deploying a Spring Boot micro-service behind an NGINX reverse proxy gave us issues when using default Google OAuth2 configuration as described here , basically showing the "Redirect URI Mismatch" mentioned at the very end of the linked article Trying the solution based … Continue reading Lessons learnt: Of Spring Boot + OAuth2 + redirect URIs