Let's learn together!

Catch up on all our latest blogs and events.

Filter by tag

blogs · 6 min

PKI certificate management

 I have a rough understanding of PKI certificates, how they work, and what TLS is in general. However, I've always struggled to understand the details, particularly from the point of view of an operator. How do I check if a certificate is valid? How do I check who issued it? What does it even mean to "issue" a certificate? To make matters worse, I'm frequently confounded by the variety of different file types used for certificates. Is it a pem, or a crt, or a pub? Speaking of pub, what's the difference between the TLS certificate my server uses to encrypt traffic, and the certificates I use for SSH authentication? In this post, I will answer these questions and then walk though a practical example of using certificates for TLS via a local nginx proxy, modeling the client/server TLS you often see on the web.

August 5, 2022

blogs · 5 min

.tech Podcast - Supporting diversity in tech

Leah Cohen from School of SOS joins us to share her insights into how tech leaders can support diversity in tech. She tells us about what diversity in tech is and why we should care about it. Then, she explains two key solutions to improving diversity: target the next generation and support transitioning into careers in tech.

July 27, 2022

blogs · 8 min

DYLIB Injection in Golang apps on Apple silicon chips

Creating persistence is one of the biggest challenges during Red Team engagements, and doing it in a stealthy, yet reliable way is even more difficult. One old technique on Unix based systems is library injection through environment variables. In this post, we will look at whether this is still possible after macOS 10.14 (Mojave).

July 22, 2022

blogs · 6 min

Linux fundamentals: user space, kernel space, and the syscalls API surface

The Linux kernel has always held a mystical place in my mind. It's the inner sanctum of computer magic which makes programs work. Somehow. People with arcane knowledge of the Linux kernel often refer to "user space" programs, but I've never really been sure what they mean by that. Or of what actually makes up the "kernel", for that matter.

July 6, 2022

blogs · 5 min

.tech Podcast - Designing and Evolving APIs

Arnaud Lauret aka. "The API handyman" is an OpenAPI Lead at Postman. He joins us to share his expertise on API design and maintenance, including tips for evolving APIs and how the OpenAPI specification can make the lives of API designers easier.

June 20, 2022

blogs · 8 min

Bypassing eBPF-based Security Enforcement Tools

During penetration tests and red team engagements, eBPF-based security observability and runtime enforcement tools can make it difficult to use public offensive security tools and techniques, as they are more often detected and blocked. However, eBPF-based tools have limitations which allow adversaries to bypass their controls. In this blog post, I will introduce some of the limitations and bypass techniques.

June 6, 2022

blogs · 4 min

.tech Podcast - Careers in Engineering

Sally Goble, Engineering Manager at accuRx, joins us to tell us all about growing engineering teams, how to support engineering career progression, as well as the importance of salary transparency.

May 27, 2022

blogs · 4 min

.tech Podcast - Testing at Form3

Sam Owens joins us to tell us all about our approach to testing at Form3. He gives us an overview of our testing strategy, the different types of tests we run and explains how to use Pact for testing your services. Finally, he tells us why he prefers BDD style tests.

May 11, 2022

blogs · 7 min

Network Address Translation (NAT) and Proxies (part 2)

Network Address Translation, forward proxies, and reverse proxies, are three common techniques for managing network traffic at scale. This blog will attempt to distil each idea into its simplest form, and write a code example where possible

May 6, 2022

1 of 3

left arrow right arrow