NahamCon 2022 CTF Write-up: Flaskmetal Alchemist

One of the most fun challenges in NahamCon 2022 was Flaskmetal Alchemist. This is a medium web challenge that involves an SQL injection that is relatively easy to spot, but tricky to exploit. I learned a few new things from this, so hopefully this write-up will provide inspiration to all you reading this. In this post I will walk you through my thought process and how I eventually exploited the vulnerability. [Read More]

Proxy OWASP ZAP through a VPS

Or, how to avoid getting banned from the internet

If you do any kind of penetration testing or bug bounty hunting from your home PC, then as a necessity you will be sending malicious-looking traffic to your target. If your target happens to be protected by Akamai or Cloudflare, and you don’t take any special precautions, then unfortunate things may happen. Unfortunate, as in your home IP gets blocked from half the sites on the internet. To avoid this, you need to make your web traffic look like it came from a different IP address than it actually did. [Read More]

100 Days of Machine Learning

When I started my first developer job last August, I made a promise to myself. Landing the job was the culmination of several years of hard work: learning Japanese, learning how to program, preparing for the FE Exam, and learning how to job-hunt the Japanese way. In my new job I was working in a new environment, in a new industry, and in a second language. I knew it was going to take time to adjust. However, I also knew that once I had got over that initial hurdle it would be all too easy to just coast—to learn just enough to do the job, but nothing more.

My promise was this: after I had settled in to my job, I would continue to learn.

[Read More]

Installing Hugo on Fedora 25

Or on any flavour of Linux, for that matter

For those not in the know, Hugo is an amazing tool for building static websites—including the one you’re reading right now. There are no RPMs available, though, so if you’re using Fedora or another RPM-based Linux distro, then you might think you’re out of luck.

In my case, when I saw that there were no Hugo RPMs, I looked to see if there were any unofficial ones. There were, but only for Hugo v0.16, and I needed v0.17 or later for the support for multilingual sites. So no luck there. Then I investigated installing it using snap, but Fedora doesn’t support snaps out of the box, and I’m still slightly skeptical of the idea of using snaps on my system. Then I looked into installing Hugo from source, but it requires Go 1.8+, and Fedora 25 only has 1.7 in the official repositories. It was around this time that I started getting jealous of Ubuntu users’ ability to do a simple sudo apt-get install hugo. Would I have to replace my OS or set up a virtual machine just to make my website?

Thankfully, in the end, the solution was simple.

[Read More]

Introducing the Information Technology Engineers Examination

In May last year I passed the Fundamental Information Technology Engineers Examination.

The what?

The Fundamental Information Technology Engineers Examination, or FE for short. It’s the most rigorous and widely-taken IT exam that you’ve never heard of.

Go on, then. Why have I never heard of it?

Probably because it’s administered by a Japanese quasi-governmental organisation, in Japan, and it’s all in Japanese.

[Read More]