Diogo Monica

I'm a Security Engineer @Square and a PhD Candidate @IST.
Follow @diogomonica on Twitter or check out my posts.

Latest Posts

Bot wars - The arms race of restaurant reservations in SF

I love food. This means that I'm bound to compete for reservations at good restaurants with the hipsters that are native to San Francisco. This is a peek into the arms race going on in restaurant reservations right now.

Weird packet of the day

Once in a while I open wireshark and just look at my baseline traffic. It's useful for when I actually want to find something weird to quickly distinguish between what's normal and what looks fishy.

Raising the dead - Undeleting files in ext4

Chances are that you have, at least once in your life, deleted files that you had no backups of. This is the story of how I partially recovered some of my files after deleting them on a Linux ext4 filesystem.

Hush OS X Terminal, hush

I've been noticing for a while a huge delay when opening new tabs on iTerm (or terminal.app). This would range from 3 to 7 seconds when opening a new tab. It was driving me nuts.

It's not just the salt, stupid

There have been hundreds of articles about the recent password hash leaks from LinkedIn and eHarmony. One particular detail that most of these articles seem to have in common is that they point at the absence of a 'salt' as the security mistake that made this leak particularly damaging…


This tool essentially outputs a list of exploits that you might want to try out after you gain local access to a host. Nothing you cannot do manually, and not the most brilliant tool ever, but still useful.

The dangers of pastebin-like websites

Services like pastebin.com are useful for sharing and discussing code. However, people trust the generated URLs to be unknown to anyone else, other than the people we want to share them with. This false sense of security brings us to this post: sensitive information being shared with the world, unintentionally.

Dead Simple HTTPd in Python

Sometimes, this is all you need:

glow:~ dmonica$ python -m SimpleHTTPServer 8000

Serving HTTP on port 8000 ...

This simple command has saved me hours of precious time. I've even used it to transfer files between multiple hosts (HTTP server on one end, one wget on all the other hosts). More details here.


Sniffing in Monitor Mode with Airport

Sniffing in OS X has been a reality for quite some time, thanks to the effort of people like the guys from Kismet and KisMAC...

Facebook Sidejacking

I've just released a tool called py-cookieJsInjection on github (see Part II of this post here). py-cookieJsInjection is a Python script that sniffs cookies from the network and outputs JavaScript code that can be used to inject the cookies into any browser. It can be used to sniff and replicate any cookies going on the wire, or to filter out specific information, such as Facebook profiles.