Engineering blog


Blogs · 4 min

.tech Podcast - Internal Developer Platform

Kaspar Von Grünberg is the CEO and founder of Humanitec. He joins us to discuss what an Internal Developer Platform is and what to focus on when you're building your own. Finally, he provides an overview of Humanitec's platform, which provides open-source tools you can use when you're building your own IDP.

March 15, 2023

Blogs · 3 min

Introduction Ethical Hacking

No system is free of security vulnerabilities, which can be exploited to gain access to restricted resources. Ethical hackers are our allies, using the same techniques as malicious actors to help us find and fix the security vulnerabilities of our systems. In this short introductory article, we explore: the different types of hackers, the goals of ethical hacking and the main activities of ethical hackers.

March 2, 2023

Blogs · 5 min

Migrating project v2 boards in GitHub

Once upon a time, there were project boards in GitHub. They helped you plan, they looked like Trello, and they were much loved. They were classic. Then, one day, they were deprecated! Along came project v2 boards. They were like Trello, but also like a spreadsheet, and much more between, and they became the new project planning tool in GitHub. This post is about migrating project boards in GitHub. It's not, as you might expect, about migrating from classic project boards to v2 projects. GitHub offer a migration tool for that in their UI, and it's easy to do. Instead, this post is about migrating from one v2 board to another.

February 22, 2023

Blogs · 4 min

Landing your next remote job

Alexandra Forsberg is a Talent Acquisition Lead at Form3. She joins us to share tips for landing your next remote job. Alexandra covers all aspects of the interviewing process including where to find remote opportunities, how to stand out to hiring managers and how to prepare for a remote interview. Finally, she shares Form3's approach to the interview process.

February 15, 2023

Blogs · 5 min

Phishing with GitHub

For a Red Team operator it can be disappointing to retire a particular technique, but it can also be an opportunity to share their knowledge with the community. Phishing operations can require a lot of time and effort to set up the infrastructure, acquiring and categorising domains, fine tuning payloads, preparing pretexts and bypassing those pesky filters and controls, but there are ways to make the process simpler. This post will explore one such method, using GitHub as a tool to distribute, host, and compromise a target in a bait, hook, and catch operation that can be done from a mobile device. This post will cover: GitHub Apps, Hosting, Distribution and SSH Access.

February 1, 2023

Blogs · 5 min

My first month as a Senior Engineer at Form3

It's always daunting moving jobs. In this post, Chris Townsend shares insights into his first month as a Senior Software Engineer at Form3. He talks us through his reasons for joining, the interview process and his onboarding experience, as well as what his future career aspirations are.

January 25, 2023

Blogs · 4 min

.tech Podcast - Alternatives to async code reviews

Dragan Stepanović is a Senior Principal Engineer at Talabat. He joins Renato Rodrigues de Araujo, Senior Software Engineer at Form3, to discuss asynchronous pull request based code reviews. Dragan shares a study he conducted on the topic and discusses the advantages of synchronous team collaboration.

January 19, 2023

Blogs · 6 min

Adventures into Electron code injection on MacOS

Process injection in MacOS is a difficult topic: it is well controlled and there are simply no API calls that provide any useful interface for it. As it is a feature that rarely has legitimate use cases, it makes sense from a security perspective to disable it entirely, or at least heavily restrict it under normal user conditions. However, as a red teamer, it is difficult to move from the freedom of process hollowing and remote threads on Windows to the harsh reality of the MacOS hardened runtime. This is especially true when trying to create hidden C2 channels and evade detection from EDR and XDR software. There is one technique, however, that does not get the recognition it deserves, most probably because it can only target Electron-based applications. While this sounds like a big limitation, there are popular applications that can be targeted and are more than likely to be present on the target system, such as Slack, Visual Studio Code and Microsoft Teams, to name only a few. These applications can all be a target of code injection by abusing Electron's built-in remote debug interface.

January 11, 2023

Blogs · 6 min

.tech Podcast - Building multi-cloud at Form3

Kevin Holditch is Head of Platform Engineering at Form3. He joins us to share the interesting problems the Platform Engineering team work on and how the Form3 payments platform was built. Then, he explains why the team decided to build a multi-cloud platform across three clouds and presents an overview of how the technologies behind this exciting project are configured.

December 15, 2022
