Diogo Mónica

30 posts
business

A Pirate's take on Command vs. Leadership

Tired of being told that you should be a leader? Do not worry. Pirate captains had great leadership skills, and they were still beaten to oblivion by Navy Captains who exercised pure command on their ships.

  • Diogo Monica
4 min read
business

A Pirate's take on Strategy vs. Tactics

Strategy vs. Tactics is one of the most written-about topics in business, but most business books seem to explain it in ways that hinder both the clarity of thought and the establishment of good conceptual frameworks.

  • Diogo Monica
7 min read
crypto-anchors

Crypto Anchors: Exfiltration Resistant Infrastructure

I've been thinking about a concept that Nathan McCauley and I came up with a few years ago: crypto-anchoring—and how much impact this kind of architectural decision could have in the breaches

  • Diogo Monica
5 min read
bitcoin

Bitcoin hard-forks and replay attacks

Dealing with blockchain hard-forks seems to have become an unfortunate and time-consuming reality of working in the cryptocurrency space these days: all the cool kids seem to be doing it. With the looming

  • Diogo Monica
3 min read

The two metrics that matter for host security

As companies move their infrastructures towards ephemeral microservices, there is an opportunity to rethink some of the security metrics typically used to track infrastructure risk, such as the number of currently unpatched vulnerabilities

  • Diogo Monica
3 min read
docker

Why you shouldn't use ENV variables for secret data

The twelve-factor app manifesto recommends that you pass application configs as ENV variables. However, if your application requires a password, SSH private key, TLS Certificate, or any other kind of sensitive data, you

  • Diogo Monica
2 min read
hash

Why should *hard* be secure enough? Information and non-invertibility

The guarantees provided by hashes are of critical importance for security. One of the major points of hashes is, of course, their non-invertibility. However, even though I know how to do the necessary

  • Diogo Monica
7 min read
docker

Hitless TLS Certificate Rotation in Go

One of the core security goals of Docker's Swarm mode is to be secure by default. To achieve that, when a new Swarm gets created it generates a self-signed Certificate Authority (CA) and

  • Diogo Monica
8 min read
docker

Build once run where? Migrating my blog to hyper.sh

A few months ago, I ran into a cool new product called hyper.sh, a Docker container hosting platform. The goal of hyper.sh is to make it easier to deploy your containerized

  • Diogo Monica
3 min read
docker

Increasing Attacker Cost Using Immutable Infrastructure

One neat thing about Docker containers is the fact that they are immutable. Docker ships with a copy-on-write filesystem, meaning that the base image cannot be modified, unless you explicitly issue a commit.

  • Diogo Monica
4 min read
csp

Creating a CSP Policy from Scratch

When I added the Content-Security-Policy (CSP) security header to my website, I was more concerned about getting a good rating on securityheaders.io, than actually creating a good policy. In this post I'll

  • Diogo Monica
6 min read
csp

From F to A+: Getting Good Grades on Website Security Evaluations

Even though diogomonica.com is a statically generated blog, created using Jekyll, it's always fun to run it through security evaluation websites such as SSL Labs and Security Headers. Unfortunately, last week, when

  • Diogo Monica
5 min read
passwords

Password Security: Why the horse battery staple is not correct

I’ve intentionally kept myself from commenting on Password Security in the wake of the last month’s mass iCloud account compromise. My feeling was that this topic had already been discussed to

  • Diogo Monica
5 min read
mptcp

MPTCP: The path to multipath

I first heard about MultiPath TCP (MPTCP) in 2007 when I met Olivier Bonaventure in Louvain-la-Neuve, Belgium. In the meantime MPTCP has been gaining a ton of traction, from having Apple using it

  • Diogo Monica
1 min read
beam

Skynet (beta): The rise of the Beam robot

At work we bought a few telepresence robots from SuitableTech called Beam. The Beam robots allow anyone from a remote location to have face-to-face interaction with the people at our HQ. Each Beam

  • Diogo Monica
4 min read
bot

Bot wars - The arms race of restaurant reservations in SF

I love food. This means that I'm bound to compete for reservations at good restaurants with the hipsters that are native to San Francisco. This is a peek into the arms race going

  • Diogo Monica
2 min read

Weird packet of the day

Once in a while I open Wireshark and just look at my baseline traffic. It's useful for when I actually want to find something weird to quickly distinguish between what's normal and what

  • Diogo Monica
2 min read

Raising the dead - Undeleting files in ext4

Chances are that you have, at least once in your life, deleted files that you had no backups of. This is how I partially recovered some of my files after deleting them on

  • Diogo Monica
1 min read
terminal

Hush OS X Terminal, hush

I've been noticing for a while a huge delay when opening new tabs and windows on iTerm (or terminal.app). This would range from 3 to 7 seconds when opening a new tab.

  • Diogo Monica
1 min read
crypto

It's not just the salt, stupid

There have been hundreds of articles about the recent password hash leaks from LinkedIn and eHarmony. One particular detail that most of these articles seem to have in common is the fact that

  • Diogo Monica
2 min read

Exploit-suggester

This tool essentially outputs a list of exploits that you might want to try out after you gain local access to a host. Nothing you cannot do manually, and not the most brilliant

  • Diogo Monica
1 min read

The dangers of pastebin-like websites

Services like pastebin.com are useful for sharing and discussing code. However, people trust the generated URLs to be unknown to anyone else, other than the people we want to share them with.

  • Diogo Monica
2 min read
python

Dead Simple HTTPd in Python

Sometimes, this is all you need: glow:~ dmonica$ python -m SimpleHTTPServer 8000 Serving HTTP on 0.0.0.0 port 8000 ... This simple command has saved me hours of precious time. I've even

  • Diogo Monica
1 min read
wifi

Sniffing in Monitor Mode with Airport

Sniffing in OS X has been a reality for quite some time, thanks to the effort of people like the guys from Kismet (https://www.kismetwireless.net/) and KisMAC (http://trac.kismac-ng.org/

  • Diogo Monica
3 min read
python

Facebook Sidejacking

I've just released a tool called py-cookieJsInjection on github (see Part II of this post here). py-cookieJsInjection is a python script that sniffs cookies from the network, and outputs Javascript code that can

  • Diogo Monica
2 min read
Diogo Mónica © 2025