Blog


My name is Nikola Cucakovic and I'm a security engineer. I enjoy building, breaking, and fixing things - especially games. I'm particularly interested in Mobile, Web, and Cloud technologies. See about me to find out more.

  • Automating Templated JSON Fuzzing / Unit Testing

    JSON (JavaScript Object Notation) is a widely used lightweight data-interchange format. It is commonly used to share data between decoupled components / systems, store data persistently, and import / export data in / out of systems. Manually testing JSON structures can be cumbersome and prone to human error, especially in complex nested structures. This post presents a JSON parsing algorithm that automatically generates permutations of a JSON structure, which can then be used to automate unit testing / fuzzing activities.

  • Ephemeral AWS Credentials in Github Actions

    Github provides a built-in mechanism to automate development workflows through Github Actions. Integrating workflows with AWS services is a common use case; however, many tutorials suggest the path of least resistance, introducing sharp edges. This post presents a CDK application that is deployed through Github Actions using ephemeral AWS credentials.

  • Object Oriented Discord Bot in Python

    Discord bots are a great way to enhance the functionality of a server and enrich the user experience. There are many tutorials out there that provide a quick and dirty approach to creating a Discord bot, but very few, if any, discuss scalable alternatives. This post digs into creating and structuring a Discord bot for larger projects using object oriented programming.

  • Handling Relative URLs for Redirects / Forwards

    Remediating unvalidated forwards and redirects is almost always achieved by using an allow list of absolute URLs. But what do you do if the absolute URL is not known ahead of time? This post digs into validating URLs for redirects / forwards using a relative path.

  • R2Con2020 CTF - Cyberlock

    A walkthrough of solving the Cyberlock CTF challenge from r2con2020 using the Radare2 framework. This post breaks down the process of reversing an unknown x86 binary and showcases some of the capabilities of the framework.
