Tag: security

4 results

Blog Posts

Your Password is a DOS Vector

▸ 2026-05-01 by Kelyn Crandall · 4 min read

What limits should web apps place on passwords?

software development software architecture security

Read Read

Your SSH Key is Obscurity

▸ 2026-03-01 by Kelyn Crandall · 5 min read

IT professionals often denigrate 'security through obscurity', but is that helpful?

security

Read Read

Projects

★ Featured

penbomb

▸ Mar 2026 (Personal Project)

A Go HTTP handler that returns a 100 GB zip bomb. Designed to punish pentesters scraping sites at endpoints that would normally just return a 404. Adapts the payload based on the Accept-Encoding header.

Punishes roughly 300 requests per site per week, with no additional cost.

golang security http open-source

GitHub →

Beeneedeenee Cumberbumber

▸ Sep 2021 (Personal Project)

A simple web extension for Firefox and Chrome that searches for all instances of "Benedict Cumberbatch" and replaces them with a funny version.

An experiment to demonstrate dangerously elevated permissions in browser extensions.

Inspired by the talk Micah Silverman gave at KCDC 2021, titled "Blasting Browser Security with Extensions".

javascript chrome-extension firefox-extension security

GitHub →Firefox Extension →Chrome Extension →