Author: @s3cs&man

What we're building .... client-side encrypted content with ReAct.JS and SJCL.js Problem Space GMAIL, Facebook, Instagram, Dropbox... you name it... they typically store your data "unencrypted" or with a limited encryption where they control the keys. This means all your emails, pictures, messages and files are sitting on someone else's computer for them to see. … Continue reading PROTECT – Why & How to build Client-Side Encryption in React.Js and beyond →

Disclaimer: This article is meant to educate developers and security practitioners of the current and present dangers of node.js development. Ethically, I cannot make the majority of my code publicly available on GitHub. However, I will show a few snippets and concepts for security awareness. If you are a past or present security colleague, please … Continue reading OFFSEC – Writing Node.js malware that steals your cloud access keys →

Welcome to the public cloud/s. Long gone are the days where traditional Email DLP, URL proxy filtering and L3 firewalls help you mitigate data loss to malicious websites. Maybe you have a developer who wants to use some benign and non threatening Google API to read non sensitive data. Seems okay right? Well, I wouldn't … Continue reading NETSEC – You’re leaking to public Cloud APIs and all you can do is … →