Jamie Scaife - United Kingdom 🇬🇧 


No Ads, No Tracking, No JavaScript

This website does not serve any adverts, tracking cookies or other internet annoyances.
It's also 100% JavaScript free.

Tor Hidden Services

This site is available through Tor at:

  • Onion v2:

    jamiewebgbelqfno.onion

  • Onion v3:

    jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onion


Taking Content Security Policy to the Extreme! - Policies on a Per-page Basis

Saturday 19th January 2019

For about two years at the time of writing, my website has had a Content Security Policy in order to lock down and restrict the locations that content such as images and stylesheets can be loaded from. I had used Apache configurations to set a more relaxed policy for specific pages that require it; however, this solution is not ideal, as it becomes challenging to manage on larger websites with many different pages, each requiring a different policy.

I have now developed some useful PHP code that allows me to easily set a default policy for the entire website, and then override individual parts of the policy on specific pages where it is required. I've released the code to the public domain under the Unlicense, so you are welcome to use it for your own projects! Continue reading...

Security Apache


Introduction to Reverse Engineering with radare2 Cutter - Part 3: Solving a Crackme Challenge

Saturday 5th January 2019

Last year, I asked my friend Sam to write a basic crackme challenge for me to solve and then demonstrate in this series. He kindly agreed, and put together a simple password-based crackme. It looks like the following when run:

malw@re:~$ ./crackme
Enter Password (or q to quit): helloworld
Access Denied
Enter Password (or q to quit): Pa$$w0rd
Access Denied
Enter Password (or q to quit): q

In this third and final part of the series, we will solve the crackme using Cutter and some other tools. If you'd like to have a go yourself first, it is available on GitLab here. Continue reading...

Reverse Engineering Guide


Transferring Domain Names to Cloudflare Registrar

Sunday 23rd December 2018

This week I transferred all of my domain names to the brand new Cloudflare Registrar. I took screenshots throughout the process and have documented them here for anybody else who has not yet done the transfer, and wants to know what to expect before diving in. Continue reading...

Domain Names


Using a Bloom Filter to Anonymize Web Server Logs

Monday 17th December 2018

Since May 2018, when the GDPR came into full effect, I have had web server access logging completely disabled for my site. This is great from a security, privacy and GDPR compliance point of view; however, it meant that I had very limited insight into the amount of traffic my site was getting.

In order to solve this problem, I have built an open-source log anonymization tool which will remove personal data from web server access logs, and output a clean version that can be used for statistical purposes. A bloom filter is used to identify unique IP addresses, meaning that the anonymized log files can still be used for counting unique visitor IPs.

I've released the tool under the MIT license, and it's available on my GitLab profile: https://gitlab.com/jamieweb/web-server-log-anonymizer-bloom-filter Continue reading...

Security Apache


Popular Pages

Raspberry Pi + BOINC Stats

Stats from my RPi cluster + BOINC.

Updated Every 10 Minutes

Exploitable Web Content Blocking Test

Test whether exploitable web content is blocked in your web browser.

Tor Onion v3 Hidden Service

Testing the new Onion v3 Hidden Services.

Saturday 21st October 2017

Namecoin .bit Domain

Guide to registering a Namecoin .bit domain.

Tuesday 16th January 2018

Copyright © Jamie Scaife 2019
