phillip prado

cybersecurity | productivity

For many people, a major pull toward minimalism is the simplicity it provides. Not only the aesthetic simplicity but also the simplicity of choice, of habit. Minimizing and restricting choices and options can actually liberate someone in a way that freedom of excess choice can not. I argue that a similar outcome can be achieved with something I call bulk decision-making.

Read more...

I love using Write.as to host my blog. I love using Obsidian to manage the bulk of my second brain. And it's the love for these two products that eventually led me down a rabbit hole in search of a way to potentially integrate the two together. Not only did I find a solution, but it works even better than I could've imagined.

Read more...

The internet is a dangerous place, full of vulnerabilities attackers leverage to malicious ends. One of the more common vulnerabilities that websites face is cross-site scripting (XSS) attacks. XSS attacks can have serious consequences, ranging from stealing sensitive information to defacing websites. Without wasting any time, let's jump into what XSS is, how it works, and how to mitigate it on your websites.

Read more...

Brooklyn Nine Nine is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features two different routes to gain both the initial foothold and the root flag. These avenues include weak passwords, poor FTP configuration, cleverly hidden credentials, and misconfigured sudo permissions.

Read more...

Wgel CTF is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features bad code commenting practices, a publicly available SSH key, and poorly configured sudo permissions which lead to exfiltration of data from the target server.

Read more...

In cybersecurity, there is a buzzword I've seen some confusion about online recently. It's called zero trust, and though it sounds like vague corporate-ese at first, it actually represents a necessary approach to digital security.

Cyber threats are constantly evolving, and IT professionals need to be prepared for the worst at all times. Zero trust is a valid part of defense in depth and the principle of least privilege within a network or series of networks. But what exactly does that mean?

Read more...

In infosec, there is a seemingly never ending list of acronyms any cyber professional must be familiar with in order to work efficiently and effectively. One of those is a common vulnerability known as IDOR.

IDOR stands for Insecure Direct Object Reference, and it's a type of vulnerability that can have serious implications for the security of web applications if not properly addressed. But what is it exactly?

Read more...

Bitwarden is one of the best password managers in the business. It's easy to use, open-source, secure, and cross-platform. Honestly, there are very few downsides to using Bitwarden.

And, as many of you may know, a password manager's best friend is a solid 2FA client. Though Bitwarden supports 2FA passwords from within the password manager as a premium feature, it's always been a better security practice to keep those two things separate.

Now, the team behind Bitwarden are helping up your security game by offering 2FA functionality in a separate app: Bitwarden Authenticator.

Read more...

In the world of networking, two fundamental models serve as the backbone for communication protocols and standards: the OSI model and the TCP/IP model. Both models are quite similar, providing frameworks for how data is transmitted across networks at various stages of the process.

Understanding these models is crucial for anyone working in IT, cybersecurity, or any related tech field. But what exactly are they?

Read more...

I am a huge fan of Flatpak applications on Linux. I like how they work. I like how easy they are to install. I like how you can control their permissions with such granularity. Etc.

Well now, I have yet another reason to love Flatpaks: easy installation reproducibility. Let me show you what I mean.

Read more...

Enter your email to subscribe to updates.