c0nrad.io c0nrad.io

C0nrad.io Stuart Larsen. Stuart Larsen is currently a security engineer at MongoDB. He's been programming for about 12 years on things from quantum emulators, to cat fact spamming websites, to open source security tools. Previously he worked at Yahoo! Slides: https://pacsec.jp/psj15/PSJ2015 Stuart Attacking-HTTP2-Implementations en.pdf. Security Basics: Lessons From a Paranoid. NYC /w Meetup, 2015. Slides: http://c0nrad.io/paranoids/slides.pdf. Spearing Superfish with HPKP. Apache Traffic Server - HTTP2 ...

http://www.c0nrad.io/

TRAFFIC RANK FOR C0NRAD.IO

Today's rating: >1,000,000
Best month (average per month): December
Highest traffic on (average per day of the week): Saturday

CUSTOMER REVIEWS

Average Rating: 3.4 out of 5 with 11 reviews
5 star: 3
4 star: 2
3 star: 4
2 star: 0
1 star: 2

LOAD TIME

1.9 seconds

CONTENT

Score: 6.2
Page title: c0nrad.io | c0nrad.io Reviews
Meta keywords: blog, email, github, twitter, resume, talks, attacking http/2 implementations, location yahoo, v=kfhq8sjiwca, articles / blogs
Keywords on page: blog,email,github,twitter,resume,talks,attacking http/2 implementations,location yahoo,v=kfhq8sjiwca,articles / blogs,attacking http2 implementations,matasano crypto challeneges,high school blog,recent blog,competitions / wargames,security/ctf,algorithmic
Powered by: Express
Content-type: utf-8
INTERNAL PAGES

c0nrad.io c0nrad.io
1

Generating Content-Security-Policies, the easy way

http://c0nrad.io/blog/csp.html

Generating Content-Security-Policies, the easy way. Content-Security-Policy (CSP) is a relatively new HTTP header for eliminating potential XSS vulnerabilities from your website. This article will give a brief intro to CSP, and then show some newer tools related to CSP, and how to use them to generate a policy for a website. Here's an example policy:. This is an example policy you might see on a simple website. Let's break it down by resource:. Script-src www.google.com;. Normally inline scripts are not ...

2

Matasano Crypto Challenges

http://c0nrad.io/blog/matasano.html

I recently finished the Matasano crypto challenges. I definitely enjoyed the challenges even if they were a bit frustrating at times. It took me about a year and nine months to solve the first six sets. The challenges can be found at http://cryptopals.com/. There's six sets of eight problems covering a wide range of different crypto ideas. In the end, it was definitely worth it. Some advice for people getting started:. You're going to be reusing a lot of code. They are definitely of differing difficulty.

TOTAL PAGES IN THIS WEBSITE

2

LINKS TO THIS WEBSITE

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

CSP and SVG – c0nradsc0rner

https://c0nradsc0rner.wordpress.com/2016/08/30/csp-and-svg

Mostly security and programming tutorials. This is really just a security misconfiguration. But if you’re using CSP (Content-Security-Policy), it’s something to keep in mind. The tl;dr is make sure. If you’re not using it. Using this “attack” you can reflect SVGs to get execution even in a CSP controlled environment. This is just another recipe to add to your books for bypassing CSP (insecure directives, JSONP, base offset, encoding). Website with File/Image Upload (accepting SVG). An XSS injection,.

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

c0nradsc0rner – Page 2 – Mostly security and programming tutorials

https://c0nradsc0rner.wordpress.com/page/2

Mostly security and programming tutorials. XSS persistence using JSONP and serviceWorkers. One of my favorite exploits in the world is this web attack that allows you to maintain access to a website within a user’s browser indefinitely. Even if they close the browser and come back without a session you’ll still be hooked. It works by combining an unfiltered JSONP route, serviceWorkers, and an XSS to create a persistent backdoor on a website. A great introduction to serviceWorkers can be found here. Html b...

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

BSON and Golang Interfaces – c0nradsc0rner

https://c0nradsc0rner.wordpress.com/2016/06/19/bson-and-golang-interfaces

Mostly security and programming tutorials. BSON and Golang Interfaces. This weekend I decided to implement BSON. BSON is just a binary representation of JSON with some extra types and traversal speed improvements. Traversal speed is important for rapidly scanning a group of BSON objects (called Documents) for specific pieces of information. Let’s imagine you had a list of JSON like the following, and you were searching for the information under the key value “secret”. The Type Identifier (byte). Normally ...

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

Playing With Ethereum – c0nradsc0rner

https://c0nradsc0rner.wordpress.com/2016/06/22/playing-with-ethereum

Mostly security and programming tutorials. I’ve been skirting around Ethereum for awhile. Now and then I see a post about it in hacker news, or people circle jerking over the DAO. But it is pretty confusing. I decided to dive in yesterday and see what you can do with Ethereum. Smart contracts are only starting to make sense now that I’ve been playing with them. This was my favorite intro article:. This is the online IDE I used:. And I used the Wallet from the main website:. To perform any actions, you ne...

newyorktechjournal.com newyorktechjournal.com

New York Tech Journal

http://newyorktechjournal.com/category/security

New York Tech Journal. Tech news from the Big Apple. Links about Technology in Society. Posted on May 4th, 2016. 05/04/2016 @ AWS popup loft, 350 West Broadway, NY. Blockstack offers secure identification based on blockchain encryption and confirmation. Six speakers described the underlying machinery and applications. Muneeb Ali – An Overview of Blockstack. Jude Nelson – The Blockstack Server and CLI. Josh Jeffryes – OpenBazaar and Blockstack Identity. Arkadiy Kukarkin – MediaChain. OpenBazaar (a place t...

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

Intro to SameSite Cookies (CSRF Protection) – c0nradsc0rner

https://c0nradsc0rner.wordpress.com/2016/06/17/intro-to-samesite-cookies-csrf-protection

Mostly security and programming tutorials. Intro to SameSite Cookies (CSRF Protection). A pretty common web attack involves hijacking a user’s session to get them to perform actions on your behalf. Let’s say Bob signs into his bank account at bank.com. From now on, whenever Bob interacts with bank.com the browser will send his cookies so that bank.com knows that the request was made by Bob. Let’s say Eve knows that he is logged into bank.com and sends him a message like:. Check out this sweet cat picture:.

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

ECB Byte at a Time – c0nradsc0rner

https://c0nradsc0rner.wordpress.com/2016/07/03/ecb-byte-at-a-time

Mostly security and programming tutorials. ECB Byte at a Time. ECB Byte at a Time is a fun crypto attack that doesn’t require any math knowledge. Just an understanding of the systems work and how they interact. Let’s imagine you had some session cookie or token that was constructed like:. AES ECB(INPUT SECRET, KEY). It’s possible to determine SECRET with only control of INPUT! The actual encryption algorithm doesn’t matter either (in this case AES), as long as it’s block based and uses ECB. So how can we use...

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

Cookie Shadow Path Injection – c0nradsc0rner

https://c0nradsc0rner.wordpress.com/2016/07/06/cookie-shadow-path-injection

Mostly security and programming tutorials. Cookie Shadow Path Injection. Did you know multiple cookies can have the same name on a domain? Yep, cookies aren’t unique on the name, they are “unique” on the tuple of (Name,Domain,Path). So you could have a session cookie for example.com/secret, and a different one for example.com/ with the same name. Why would you want to do that? But what sorts of attacks can we do with that? And proxy the request to the right application. To see who is accessing their site.

c0nradsc0rner.wordpress.com c0nradsc0rner.wordpress.com

c0nradsc0rner – c0nradsc0rner

https://c0nradsc0rner.wordpress.com/author/c0nradsc0rner

Mostly security and programming tutorials. This is really just a security misconfiguration. But if you’re using CSP (Content-Security-Policy), it’s something to keep in mind. The tl;dr is make sure. If you’re not using it. Using this “attack” you can reflect SVGs to get execution even in a CSP controlled environment. This is just another recipe to add to your books for bypassing CSP (insecure directives, JSONP, base offset, encoding). Website with File/Image Upload (accepting SVG). An XSS injection,.

TOTAL LINKS TO THIS WEBSITE

11
