A cube, a quintillion dollars coin and the power of decimals

Last week stood out for some popular discussions about minting a particularly huge bullion coin to avoid a Debt Ceiling default of the United States of America's Federal Government. More precisely, a one trillion USD platinum bullion coin. While I'm not an expert on American law, nor do I have any opinion about whether such a project is wise or not, contrary to what some Twitter commenters suggested to my thread:…


Tor proxy 101

I realize I haven't published for a while again. This new blog entry aims to inaugurate the new Tor version of my website, which you can easily find if you browse through Tor or head to the Privacy Policy section of this blog. In this blog post, I will briefly explain what the Tor network is, why it matters, and why every website should run a .onion version. Then, in a second part, I'll describe step by step how anyone can create a Tor proxy of their favorite website using a cheap VPS.…


AWS Cloud metadata service abuse

A few weeks ago, I gave a presentation at an internal meetup for the pentesters of my company on how they could take advantage of weak or poorly configured IaaS metadata services. The end of the presentation was backed by an interactive CTF-like workshop that I have set up based on the work of Avishay Bar from CyberArk. While some suggestions from the workshop have been merged into the master, the complete lab is available on the forked version of the original repository on my GitHub account.…
