From 0ea515752c1805d41c1ba2b04460f4c669c86450 Mon Sep 17 00:00:00 2001 From: paul Date: Fri, 16 Jan 2026 11:12:03 -0500 Subject: [PATCH] More summaries and tags --- content/posts/README.md | 13 ++++++------- content/posts/code-complete-summations-metaphors.md | 8 ++++++++ ...code-complete-summations-pre-requisets-part-1.md | 10 ++++++++++ ...code-complete-summations-pre-requisets-part-2.md | 12 ++++++++++++ ...code-complete-summations-pre-requisets-part-3.md | 12 ++++++++++++ .../code-complete-summations-variable-names.md | 8 ++++++++ .../exploring-enrollment-over-secure-transport.md | 10 ++++++++++ content/posts/fast-flux-botnet-overview.md | 9 +++++++++ content/posts/pseudo-random-number-generators.md | 9 +++++++++ content/posts/random-algorithm-analysis.md | 9 +++++++++ content/posts/rsa-optimization.md | 8 ++++++++ .../secure-coding-in-c-summations-concurrency.md | 9 +++++++++ .../posts/secure-coding-in-c-summations-file-io.md | 9 +++++++++ .../secure-coding-in-c-summations-free-and-null.md | 10 ++++++++++ ...ecure-coding-in-c-summations-null-terminate-2.md | 10 +++++++++- .../secure-coding-in-c-summations-null-terminate.md | 8 ++++++++ .../stateless-detection-of-malicious-traffic.md | 8 ++++++++ 17 files changed, 154 insertions(+), 8 deletions(-) diff --git a/content/posts/README.md b/content/posts/README.md index 36d0d53..71bdee7 100644 --- a/content/posts/README.md +++ b/content/posts/README.md @@ -2,18 +2,17 @@ author: "Halvo (Human)" title: "README" date: 2019-08-01 +tags: + - blog + - security + - notes draft: false +summary: | + A quick intro to the personal security‑research blog—where I mash together mini‑studies, and reading notes. --- ## Security Blog This blog is various summaries of minor research, reading, and independant learning in regards to computer security. -Mostly this blog is to satisfy the requiremnts for my Security+ certificate. - -## Cert ID - -Security+ ID: COMP001021281239 - -Exp Date: 04/04/2024 
diff --git a/content/posts/code-complete-summations-metaphors.md b/content/posts/code-complete-summations-metaphors.md index a6f8d00..1aa7c01 100644 --- a/content/posts/code-complete-summations-metaphors.md +++ b/content/posts/code-complete-summations-metaphors.md @@ -2,7 +2,15 @@ author: "Halvo (Human)" title: "Metaphors: Code Complete Summations" date: 2023-11-13 +tags: + - code-complete + - metaphors + - software-development + - security + - coding-practices draft: false +summary: | + A light‑hearted look at Steve McConnell’s “Code Complete” metaphors—Penmanship, Farming, and Oyster Farming—and how each style can make your code more or less secure. Think of Penmanship as scribbling a quick note (great for tiny scripts, terrible for big projects), Farming as planting seeds with a bit of watering (testing each piece, but still lacking a master plan), and Oyster Farming as building a sturdy oyster bed (design first, then grow securely). Spoiler: the oyster wins the security contest. --- ## Introduction diff --git a/content/posts/code-complete-summations-pre-requisets-part-1.md b/content/posts/code-complete-summations-pre-requisets-part-1.md index 16b6951..ae7f4ed 100644 --- a/content/posts/code-complete-summations-pre-requisets-part-1.md +++ b/content/posts/code-complete-summations-pre-requisets-part-1.md @@ -2,7 +2,17 @@ author: "Halvo (Human)" title: "Pre-Requisites (Part I) Initial Design: Code Complete Summations" date: 2023-12-20 +tags: + - pre-requisites + - insecure-design + - owasp-top-10 + - security + - software-design + - planning + - requirements draft: false +summary: | + A breezy, slightly tongue‑in‑cheek look at why solid planning isn’t just good housekeeping—it’s a frontline defense. We walk through OWASP’s Insecure Design warning, compare personal versus mission‑critical projects, and tease out iterative vs. sequential approaches, all with a sprinkle of humor to keep the security talk from feeling like a lecture. --- ## Introduction 
diff --git a/content/posts/code-complete-summations-pre-requisets-part-2.md b/content/posts/code-complete-summations-pre-requisets-part-2.md index f61f3e6..8b6c06e 100644 --- a/content/posts/code-complete-summations-pre-requisets-part-2.md +++ b/content/posts/code-complete-summations-pre-requisets-part-2.md @@ -2,7 +2,19 @@ author: "Halvo (Human)" title: "Pre-Requisites (Part II) Initial Design: Code Complete Summations" date: 2023-12-26 +tags: + - pre-requisites + - insecure-design + - owasp-top-10 + - architecture + - communication-protocols + - data-design + - ui-separation + - error‑logging + - security draft: false +summary: | + A light‑hearted deep‑dive into architectural prerequisites—communication, class skeletons, data design, UI separation, and error/log handling. Think of it as laying a solid blueprint before the code construction crew arrives, because a wobbly foundation makes for a lot of late‑night debugging (and security headaches). --- ## Introduction diff --git a/content/posts/code-complete-summations-pre-requisets-part-3.md b/content/posts/code-complete-summations-pre-requisets-part-3.md index 7b81031..628581d 100644 --- a/content/posts/code-complete-summations-pre-requisets-part-3.md +++ b/content/posts/code-complete-summations-pre-requisets-part-3.md @@ -2,7 +2,19 @@ author: "Halvo (Human)" title: "Pre-Requisites (Part III) Initial Design: Code Complete Summations" date: 2024-03-05 +tags: + - pre-requisites + - insecure-design + - owasp-top-10 + - resource-management + - databases + - threading + - file-handles + - error-processing + - security draft: false +summary: | + A breezy look at the nitty‑gritty of resource and error management—databases, threading, file handles, and error‑handling philosophies. It’s the “don’t forget to tighten the bolts” chapter, reminding us that unmanaged resources and sloppy error handling are the secret doors that attackers love to sneak through. --- ## Introduction 
diff --git a/content/posts/code-complete-summations-variable-names.md b/content/posts/code-complete-summations-variable-names.md index 573adf3..2576ebb 100644 --- a/content/posts/code-complete-summations-variable-names.md +++ b/content/posts/code-complete-summations-variable-names.md @@ -2,7 +2,15 @@ author: "Halvo (Human)" title: "Variable Usage: Code Complete Summations" date: 2024-02-23 +tags: + - variable-naming + - code-complete + - security + - best-practices + - software-development draft: false +summary: | + A breezy look at why good variable names, sensible placement, proper initialization, and single‑purpose usage aren’t just tidy coding habits—they’re tiny security shields. Clear names like `sanitizedUserInput` keep bugs (and attackers) from slipping through the cracks, while keeping variables close to their use and initialized from the get‑go reduces the chance of leaks, memory mishaps, and confusing code. --- ## Introduction diff --git a/content/posts/exploring-enrollment-over-secure-transport.md b/content/posts/exploring-enrollment-over-secure-transport.md index 11955ec..706938a 100644 --- a/content/posts/exploring-enrollment-over-secure-transport.md +++ b/content/posts/exploring-enrollment-over-secure-transport.md @@ -2,7 +2,17 @@ author: "Halvo (Human)" title: "Exploring Enrollment over Secure Transport" date: 2023-03-30 +tags: + - est + - secure-transport + - certificate-pinning + - public-key + - tls + - authentication + - security draft: false +summary: | + A light‑hearted dive into RFC 7030 (EST) as a smarter alternative to hard‑coded, pinned certificates. By letting clients fetch fresh TLS certs via a public‑key‑authenticated EST server, you dodge the nightly release‑cycle nightmare, gain easy revocation, and keep the private key out of the binary—plus a dash of extra work for the user that’s worth the security payoff. --- ## Introduction 
diff --git a/content/posts/fast-flux-botnet-overview.md b/content/posts/fast-flux-botnet-overview.md index 2100d8f..39ea0ef 100644 --- a/content/posts/fast-flux-botnet-overview.md +++ b/content/posts/fast-flux-botnet-overview.md @@ -2,7 +2,16 @@ author: "Halvo (Human)" title: "Fast Flux Botnet Overview" date: 2019-09-26 +tags: + - fast-flux + - botnet + - dns + - detection + - mitigation + - security draft: false +summary: | + A breezy, tour of fast‑flux botnets, those sneaky DNS tricks that let malicious actors hop around like digital grasshoppers. We’ll peek at how dynamic DNS and round‑robin magic keep the bad guys’ command‑and‑control servers slippery, and glance at the cat‑and‑mouse game of detection (TTL tricks, activity indexes, and the occasional semantic sleuthing). Spoiler: it’s a wild ride, but the good news is there are ways to shine a flashlight on the flux. --- ## Introduction diff --git a/content/posts/pseudo-random-number-generators.md b/content/posts/pseudo-random-number-generators.md index 4bd2684..47be33b 100644 --- a/content/posts/pseudo-random-number-generators.md +++ b/content/posts/pseudo-random-number-generators.md @@ -2,7 +2,16 @@ author: "Halvo (Human)" title: "Pseudo Random Number generators" date: 2024-03-22 +tags: + - prng + - randomness + - cryptography + - entropy + - hardware + - security draft: false +summary: | + A light‑hearted tour of the quirky ways we coax randomness out of lava‑lamps, Geiger counters, ambient noise, and good‑old motherboard sensors, because good cryptography needs a little chaos (and a lot of fun). --- ## Introduction diff --git a/content/posts/random-algorithm-analysis.md b/content/posts/random-algorithm-analysis.md index aedc700..f3c14b3 100644 --- a/content/posts/random-algorithm-analysis.md +++ b/content/posts/random-algorithm-analysis.md 
@@ -2,7 +2,16 @@ author: "Halvo (Human)" title: "Random Algorithm Analysis" date: 2020-04-17 +tags: + - random-algorithms + - analysis + - silence-on-the-wire + - security + - python + - randomness draft: false +summary: | + A playful replay of Zalewski’s “Silence on the Wire” experiment: plotting 3‑D scattergrams of various RNGs (Python, shuf, urandom, online services) to see if any have secretly upgraded their magic. Spoiler: they all look suspiciously alike. --- ## Introduction diff --git a/content/posts/rsa-optimization.md b/content/posts/rsa-optimization.md index 77da77d..089a6a4 100644 --- a/content/posts/rsa-optimization.md +++ b/content/posts/rsa-optimization.md @@ -2,7 +2,15 @@ author: "Halvo (Human)" title: "RSA Optimization" date: 2022-12-06 +tags: + - rsa + - optimization + - instruction-set + - cryptography + - performance draft: false +summary: | + A dive into a custom ISA for RSA: modular‑instruction shortcuts, multiply‑subtract tricks, and exponentiation‑by‑squaring hacks that shave a few cycles off the dreaded big‑number math. --- ## INTRODUCTION diff --git a/content/posts/secure-coding-in-c-summations-concurrency.md b/content/posts/secure-coding-in-c-summations-concurrency.md index dc3e7b0..ba251a1 100644 --- a/content/posts/secure-coding-in-c-summations-concurrency.md +++ b/content/posts/secure-coding-in-c-summations-concurrency.md @@ -2,7 +2,16 @@ author: "Halvo (Human)" title: "Concurrency: Summations of Secure Coding in C and C++" date: 2023-01-27 +tags: + - concurrency + - mutex + - threading + - c + - cpp + - secure-coding draft: false +summary: | + A light‑hearted rant about why a plain‑old `mutex` is the hero of secure C/C++ concurrency, why `goto` is still secretly useful, and how to keep your locks short and your bugs shorter. --- ## Introduction diff --git a/content/posts/secure-coding-in-c-summations-file-io.md b/content/posts/secure-coding-in-c-summations-file-io.md index 652746b..b55a78a 100644 
--- a/content/posts/secure-coding-in-c-summations-file-io.md +++ b/content/posts/secure-coding-in-c-summations-file-io.md @@ -2,7 +2,16 @@ author: "Halvo (Human)" title: "Concurrency: Summations of Secure Coding in C and C++" date: 2023-06-29 +tags: + - file-io + - secure-coding + - c + - cpp + - permissions + - least-privilege draft: false +summary: | + A breezy guide to keeping file operations safe: validate paths, lock down permissions, and never let a privileged process wander into a user’s temp folder. --- ## Introduction diff --git a/content/posts/secure-coding-in-c-summations-free-and-null.md b/content/posts/secure-coding-in-c-summations-free-and-null.md index f134bbc..a129f0f 100644 --- a/content/posts/secure-coding-in-c-summations-free-and-null.md +++ b/content/posts/secure-coding-in-c-summations-free-and-null.md @@ -2,7 +2,17 @@ author: "Halvo (Human)" title: "Set to NULL After Free: Summations of Secure Coding in C and C++" date: 2022-08-17 +tags: + - free-and-null + - secure-coding + - c + - cpp + - memory-management + - pointers + - security draft: false +summary: | + A breezy, slightly tongue‑in‑cheek look at why setting pointers to `NULL` right after `free` (and a few related memory‑management niceties) can save you from nasty use‑after‑free bugs, memory leaks, and the occasional midnight debugging panic. --- ## Introduction diff --git a/content/posts/secure-coding-in-c-summations-null-terminate-2.md b/content/posts/secure-coding-in-c-summations-null-terminate-2.md index 2b0e5a5..fa97c67 100644 --- a/content/posts/secure-coding-in-c-summations-null-terminate-2.md +++ b/content/posts/secure-coding-in-c-summations-null-terminate-2.md 
@@ -2,7 +2,15 @@ author: "Halvo (Human)" title: "Always null Terminate (Part 2): Summations of Secure Coding in C and C++" date: 2022-08-13 +tags: + - string-concatenation + - null-termination + - c + - cpp + - secure-coding draft: false +summary: | + The sequel to the null‑termination saga, now tackling `strcat`, `strncat`, `strlcat`, and friends—plus a quick table to keep your concatenations from turning into catastrophes. --- ## Introduction @@ -11,7 +19,7 @@ Series on summarizing themes in "Secure Coding in C and C++" by Robert C. Seacor This is written for an audience that has a broad overview of security concepts. Not much time is spent explaining each concept, and I encourage everyone to read the book. -The first theme to discuss is always `null` terminating `char *` or `char array` buffers (unless you have a *very* specific reason for not). This is very important to help prevent buffer overflows, reading arbitrary memory, accessing 'inaccessible' memory. This is part 2 where we will discuss string cat and length. For a brief discussion on string copy see [part 1](/posts/secure-coding-in-c-summations-null-terminate.md). +The first theme to discuss is always `null` terminating `char *` or `char array` buffers (unless you have a *very* specific reason for not). This is very important to help prevent buffer overflows, reading arbitrary memory, accessing 'inaccessible' memory. This is part 2 where we will discuss string cat and length. For a brief discussion on string copy see [part 1](posts/secure-coding-in-c-summations-null-terminate.md). ## Functions Needing null diff --git a/content/posts/secure-coding-in-c-summations-null-terminate.md b/content/posts/secure-coding-in-c-summations-null-terminate.md index 8718027..c9bd202 100644 --- a/content/posts/secure-coding-in-c-summations-null-terminate.md +++ b/content/posts/secure-coding-in-c-summations-null-terminate.md 
@@ -2,7 +2,15 @@ author: "Halvo (Human)" title: "Always null Terminate: Summations of Secure Coding in C and C++" date: 2021-09-01 +tags: + - null-termination + - strings + - c + - cpp + - secure-coding draft: false +summary: | + A light‑hearted reminder that every character buffer deserves a `'\0'`—otherwise you’re inviting buffer overflows, stray reads, and a lot of debugging grief. --- ## Introduction diff --git a/content/posts/stateless-detection-of-malicious-traffic.md b/content/posts/stateless-detection-of-malicious-traffic.md index eb71b54..0bc2450 100644 --- a/content/posts/stateless-detection-of-malicious-traffic.md +++ b/content/posts/stateless-detection-of-malicious-traffic.md @@ -2,7 +2,15 @@ author: "Halvo (Human)" title: "Stateless Detection of Malicious Traffic" date: 2019-08-23 +tags: + - stateless-detection + - network-security + - traffic-analysis + - ids + - machine-learning draft: false +summary: | + A recap of my master’s thesis that proves you can sniff out nasty traffic using only one‑way packet metadata (TTL, ports, timing)—no payload inspection required. --- ## Introduction
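Review bot: The content/posts/README.md hunk deletes the whole `## Cert ID` section (the Security+ ID and its expiry date) along with the sentence about the certificate, but the subject line "More summaries and tags" does not mention it. Put that removal in its own commit or name it in the message so the change can be found later. If the aim is to stop publishing the ID, note that deleting the lines here still leaves the value readable in the history of blob 36d0d53. Minor, in the same hunk: the added summary has a stray comma in "mini‑studies, and reading notes", and the unchanged context line still reads "independant".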
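Review bot: In the content/posts/code-complete-summations-pre-requisets-part-2.md hunk, the added tag `- error‑logging` is written with a non-ASCII hyphen (the same character the summaries use in "light‑hearted"), while every other tag in this patch uses the ASCII `-`. That tag will not match an `error-logging` tag typed with a normal hyphen and is likely to produce a differently encoded tag URL. Change it to `- error-logging`.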
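Review bot: In the content/posts/secure-coding-in-c-summations-file-io.md hunk, the unchanged context line `title: "Concurrency: Summations of Secure Coding in C and C++"` is identical to the title in secure-coding-in-c-summations-concurrency.md, while the tags and summary added here (`file-io`, `permissions`, `least-privilege`) describe file I/O. The title looks like a copy-paste leftover. Since this commit is already editing the front matter, correct the title here so the listing does not show two posts with the same name.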
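Review bot: The second hunk of content/posts/secure-coding-in-c-summations-null-terminate-2.md (`@@ -11,7 +19,7 @@`) changes the part 1 link from `/posts/secure-coding-in-c-summations-null-terminate.md` to `posts/secure-coding-in-c-summations-null-terminate.md`. Without the leading slash the target is resolved relative to the current page, so from a page that itself lives under `posts/` it points at `posts/posts/...`. Either keep the root-relative form or link to the sibling file by name only. This is also a behaviour change unrelated to "More summaries and tags", so it should be called out in the message or split out.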
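Review bot: In the content/posts/fast-flux-botnet-overview.md hunk, the added summary opens with "A breezy, tour of fast‑flux botnets", where the comma after "breezy" splits the adjective from its noun. Drop the comma ("A breezy tour of ...") or restore the second adjective that appears to have been deleted.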