Modeling Errors in GraphQL
GraphQL excels in modeling data requirements. Modeling errors as schema types in GraphQL is required for certain kinds of errors. In this post, let's analyze so...
Ubuntu MATE 23.10 Release Notes
Ubuntu MATE 23.10 is more of what you like, stable MATE Desktop on top of current Ubuntu. This release rolls up a number of bugs fixes and updates that conti...
Latest in Tech
Showing 951-998 of 9899
My First Year as an Engineering Manager at Zalando
Reflecting on my first year as an Engineering Manager at Zalando.
Operation-Based SLOs
Zalando developed a new type of SLOs to monitor the critical aspects of its business which is based on Operations. This blog post describes how that framework w...
Node.js / Deno の徹底討論を Node 学園で行いました。
3/17 に徹底討論という形で denoland の 日野沢さん をお呼びして Node学園で徹底討論という形で討論しました。 いくつか?...
Dizal Presents Positive NSCLC Data for Fourth-Generation EGFR TKI DZD6008 and Golidocitinib in Combination with Anti-PD-1 at ASCO 2026
**media[1078635]**Oral presentation of DZD6008 demonstrated strong and durable anti-tumor activity, excellent BBB-penetrant properties, and a favorable safety p...
Sacituzumab Tirumotecan (sac-TMT) in Combination with Pembrolizumab for First-Line Treatment of PD-L1-Positive NSCLC Published in The Lancet
**media[1078632]**CHENGDU, China, May 31, 2026 /PRNewswire/ -- Sichuan Kelun-Biotech Biopharmaceutical Co., Ltd. (the 'Company', 6990.HK) announced today that ...
incolumitas.com – Success
Have you ever wanted to know some strategies and hints how to be more successful in your daily work? Well, here, i'll compile a list of thoughts and scenarios o...
Let's begin this...
Hey World! Before you leave! This blog and homepage is under construction. Due the fact that Im currently implementing my own little wordpress theme and the rat...
No 2. - flash-album-gallery: persistent XSS exploitet with help of XSRF leading to remote code execution.
PLUGIN: http://wordpress.org/plugins/flash-album-gallery/ AFFECTED VERSION: 3.01 DOWNLOADS: 840,714 RISK: MEDIUM/HIGH The following blog post addresses a critic...
Python and curses - A small textbox selection example.
Hey dear readership :) What. I recently was in a need of a handy and nice way (not just pragmatic) to chose between different entities in the command line, each...
Create anonymous identites with fakenamegenerator.com and Python
Introduction Woah, it has been a hell of a long time since I posted my last contribution (I feel like I always begin my blog post with these introductory words)...
No 1. - wp-members: Interesting peristant XSS leading to remote code execution.
Hey you there! Type: Stored cross site scripting Risk: Medium to high Affecting: http://wordpress.org/extend/plugins/wp-members/ Vendor site: http://rocketgeek....
Exploiting wordpress plugins through admin options (No 3. — Easy Media Gallery stored XSS)
Preface This post is about general security weaknesses in wordpress plugins, that allow malicious attackers to gain code execution access on the web server (whi...
incolumitas.com – IAT hooking
What I just rummaged through my old hard disk and suddenly stumbled across some old C sources from around a year ago when I played with IAT hooking on windows 7...
The dangers of a poorly planned project
Preface Do you like to fiddle around with programming projects in your spare time? And do you sometimes start endeavors ambitiously, but you never actually fini...
Nebula Wargame walkthrough Level 0-9
In this blog post we will walk through the solutions of the levels 0 to 9 of the Nebula wargame, which is hosted on http://exploit-exercises.com. This writeup w...
Solution for wargame natas19
Hi everyone I am still trying to solve wargames on overthewire. Level 19 proofed to be very similar to level 18, where server side code looks something like the...
Solution for Natas11 for natas wargame on overthewire.org
Solution for Natas web security wargame with by XORing the plaintext with the ciphertext... Currently I am playing some wargames on overthewire.org. The first 1...
Cross platform Lichess Cheat
Edit: Cheat updated on 1.10.2015 Visit Lichess Bot Projects Page for the newest information for this bot! The description and code below will probably not work ...
A lot of work to do for GoogleScraper in the future and request for comments!
Hello dear readers I get a lot of mail regarding questions about GoogleScraper. I really appreciate them, but at some stage I cannot answer them anymore. In the...
Implementing two Graph traversal algorithms in Python: Depth First Search and Breadth First Search
Depth First Search and Breadth First Search I am right in front of a ton of exams and I need to learn about algorithms and data structures. When I read about ps...
Very good program to record audio and desktop on Linux!
First post in the new year! Hey Happy new year to all of you and let 2015 be a succesful year for us all! My New Year's resolution is to write at least two blog...
Using the Python cryptography module with custom passwords
Hey all I recently discovered a quite cute crypto module for Python. It is divided in two logical security layers. The first (Fernet) can be used by cryptology ...
Beautiful, beautiful python
Hey After a day of programming I went home to program a little bit, trying to find a way to implement some tests for my GoogleScraper project, which lacked focu...
Lichess.org chess bot!
22.05.2014: Updated the bot, should work better now Hi everyone! I was in a coding mood during Easter and decided to write a small chess bot with selenium and s...
Socks 5 client support for twisted
I recently forked twisted-socks to add SOCKS 5 support for my GoogleScraper in order to scraper Google pages asynchronously. Obviously I needed SOCKS5 support t...
Behavioral Analysis for Bot Detection
Behavioral analysis is an interesting approach to detect bots. It surely is not the panacea for bot detection, but it certainly is an useful extension in your b...
The art of cheating: Making a chess.com chess bot following an unusual approach!
Table of contents Preface: Giving first insight into the idea and why I think that hooking into a browser is a good idea. Many different ways to make browser ga...
TCP/IP Fingerprinting for VPN and Proxy Detection
TCP/IP fingerprinting is as old as the Internet itself. But this technique seems to have lost it's relevancy in our modern times. However, with the rise of Prox...
7 Common Mistakes in Professional Scraping
In this blog post, I am talking about my several year long experience with web scraping and common mistakes I made along the road. The more I dive into web scraping, the more I realize how easy it is to take wrong decisions when scraping a site. For that reason, I compiled a list of seven common mistakes in regard to web scraping.
Scraping 1 million keywords on the Google Search Engine
Scraping one million keywords is not a easy task. There are proxy problems, big data problems and reliability issues. In this blog post, the most valuable insig...
Scraping with puppeteer and headless chrome deployed to AWS Lambda
In this blog post, we demonstrate how a web scraping function is deployed to the AWS cloud with puppeteer and headless chrome.
Cryptographic properties of MACs and HMACs
Introduction Similarly as digital signatures, Message Authentication Codes provide message integrity and message authentication. When Alice generates a MAC and ...
Cryptographic Hash Functions
Introduction This blog post will introduce cryptographic hash functions. We are going to discuss the Merkle-Damgård construction which underlies many hash func...
How to find large prime numbers for RSA with the Miller-Rabin Primality Test
Introduction All sources for this blog post can be found in the Github repository about large primes. The most recent version of the sources may only be found i...
Privilege Escalation Techniques
This blog post will serve as a cheatsheet to help in my future pentesting experiments and wargames when I am stuck and don't know how to proceed. I hope it will...
Probabilistic data structures to estimate cardinalities and frequencies of massive streams
In the following blog post we will introduce three different Big Data algorithms. More specifically, we will learn about probabilistic data structures that allo...
What other package managers are vulnerable to typo squatting attacks?
In my last blog post about typosquatting package managers I discussed my findings about attacking the programming language package managers from rubygems.org, P...
Typosquatting programming language package managers
Edit: It seems that the blog post and the thesis caused quite some interest. Please contact me under the following mail address: admin [|[at]|] incolumitas [[|d...
Nebula Wargame walkthrough Level 10-19
Walkthrough of nebula wargame from level 10 to level 19
Create your own font the hard way!
Last major update on 23.10.2013 Preface As promised previously in my last article, I will guide you through the creation process of a rudimentary font. I will u...
Plotting Bézier curves directly and with De Casteljau's algorithm
Last major Update: 21.10.2013 Github repo that contains the presented code in this post. Introduction In this article I will present you a very simple and in no...
Model Based fuzzing of the WPA3 Dragonfly Handshake
The results of my Master thesis named Model based fuzzing of the WPA3 Dragonfly handshake will be quickly discussed in this blog post. No severe vulnerabilities...
Fuzzing the WPA3 Dragonfly handshake
Implementing possible fuzzing strategies with boofuzz against the WPA3 SAE Dragonfly handshake. Dragonfly is the main ingredient of WPA3 certified routers and 8...
Running a WPA3 access point with hostapd 2.7 and SAE/Dragonfly
Tutorial that shows how to run an WPA3 access point with hostapd 2.7 and SAE Dragonfly Handshake.
Battling incomplete information: Connect market demand with market supply by Google advertisement scraping and lead crawling
In this blog post, it is explained how a lack of perfect information about the market allows the clever middleman to connect market supply with market demand by...
GoogleScraper Tutorial - How to scrape 1000 keywords with Google
Tutorial that teaches how to use GoogleScraper to scrape 1000 keywords with 10 selenium browsers.