Category: General security

  • The revised and compressed OWASP Top 3 Web Application Vulnerabilities

    I love Top 10s. They’re everywhere and about everything: Top 10 Fascinating Facts About Neanderthals, Top 10 Crazy Bridal Preparation Customs, Top 10 Alleged Battles Between Humans And Aliens, etc. But my question was always: why 10? Why not 11? Or 9. Or whatever else? I guess 10 sounds more important than 11 or 9. It’s the decimal system, 10…

  • Short URLs are Harmful for Cloud Data Sharing

    I was never a big fan of sharing cloud data through a unique link, rather than nominating the specific people that can access the data. To me it feels like security through obscurity. It looks something like this: https://{cloud_storage_provider}/?secret_token={some_unique_token} All the security of this model relies on the randomness and length of the secret token.…

  • Updating Kali Linux from behind a restrictive proxy

    I installed Kali Linux from the mini ISO, so I ended up with a fully functioning Linux system but with little to no tools (just nmap and ncat). In order to install the tools that make Kali what it is, I had to install the metapackages. For me, the easiest option was to install all of…

  • http vs https performance

    A while ago I had a huge argument with a development team regarding the usage of https. Their major concern was that the impact on performance would be so big that their servers wouldn’t be able to handle the load. Their approach was to use https just for the login sequence and plain text communication…

  • Lock-picking, lock-pickers and hacking

    I’ve never been that much into lock-picking myself, never quite got too excited by the subject. Until I saw this guy and his awesome presentation. You feel like taking the tools and starting to practice on your front door after seeing this. Or on your neighbor’s door, depending on your preferences and where you want to…

  • Defcon – the movie

    Like Hangover with geeks

  • Does it pay to be a BlackHat hacker?

    Dan VASILE @DefCamp Bucharest 2013

  • Hacking the WordPress Ecosystem

    I delivered a speech at OWASP Romania InfoSec Conference 2013 in Bucharest (I took part in the organization of the event as well). Dan Catalin Vasile – Hacking the WordPress Ecosystem from Dan Catalin VASILE

  • Bug Bounty Programs