something about the lulz

  • Building a simple WAF with Cloudflare's worker service

    Note: this post is crappy and mostly written on crappy notes I left myself when I wrote this a few months ago. Feedback or questions can be sent to me via twitter or commenting the Github gist. A WAF in Javascript? That sounds ridiculous, doesn’t it? Cloudflare has a lot of really cool products, but my favorite that they have released so far is their worker service. Using this service we can access bits of Cloudflare’s APIs to handle requests however we like.

    Read more…
  • Hello_Everyone: an open mailing alias misadventure

    One day it had occurred to me that there are a handful of email aliases that are common among both large and small companies. Some of these email aliases are created automatically by the various email vendors. I got to thinking that it would be interesting to see how many companies expose email aliases like [email protected] or [email protected], and how many hits an attacker would get to mass-mailing these aliases.

    Read more…