Hugo Site on Cloudflare Pages

It’s been over 4 years since I started to use Jekyll and Github pages. I chose Jekyll for a blog because of its simplicity and seemless intergration with Github. I also really wanted to try out Hugo for quite some time. And ever since Cloudflare released their Pages service. What I use now For markuta.com I now use Hugo with a theme called PaperMod. Github is still used storage on a private repository (Github pages doesn’t allow private repos for free accounts)....

August 27, 2021 · 6 min · Naz Markuta

Bitwarden and Nginx Server on Raspberry Pi

In this blog post I’ll be covering how to install a self hosted Bitwarden server as a password management solution using Docker on a Raspberry Pi. We will get two containers running (Bitwarden server) and (Nginx reverse proxy). I’ll also go into hardening the Bitwarden configuration and applying 2FA for log-ins. What is Bitwarden? Bitwarden is an open-source password management solution. It supports almost all major systems. The version we’re going to be using is the unofficial one created by Daniel Garcia, Github page: https://github....

October 25, 2020 · 7 min · Naz Markuta

Changed Jekyll Theme

Its been a while since I posted. This is a quick update of the new changes. I’m now using a new Jekyll theme called klisé by Mahendrata Harpi. With this change, I’ll also try to post more regularly since my last post was back in 2019. I have also added my public key which is available here.

October 17, 2020 · 1 min · Naz Markuta

A XSS bug on Spotify's Podcasters

In this blog post I’ll share a report I wrote a few months ago for a XSS bug found on podcasters.spotify.com. This was submitted on HackerOne but unfortunately, it was already reported and mine was considered a duplicate, oh well, better luck next time. Summary When a user submits a new podcast RSS feed for verification, the description tag inside it is not properly escaped. This results in JavaScript being executed on the page which could allow attackers to hijack users' session cookies and/or take over accounts....

September 15, 2020 · 2 min · Naz Markuta

TP-Link Archer T2U Nano for TLS Traffic Interception

Overview In this guide we’ll be going through the process of configuring an intercepting set-up using mitmproxy and a wireless network, to inspect, modify and monitor encrypted HTTPS traffic. This will allow for a simple way to analyse traffic on mobile handsets and IoT devices, with the only requirements is Wi-Fi support and the ability to install custom certificates. mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing....

November 10, 2019 · 6 min · Naz Markuta