All Blog Posts

Latacora & Vanta - Howdy (Managed Service) Partner!

  • icon Sep 09, 2024
  • icon 3 minutes read
  • icon 437
Exciting news! Latacora is teaming up with Vanta to supercharge your compliance game. We now combine Latacora’s security expertise with Vanta’s compliance platform to help you reach your compliance goals faster than ever. As a Vanta …
Read more

Real World Crypto 2024

  • icon May 07, 2024
  • icon 23 minutes read
  • icon 4865
We traveled to Toronto this year to attend RWC 2024. The conference was held in TIFF Lightbox located in the city’s downtown; the venue is the headquarters for the Toronto Film Festival and contains five cinema rooms. RWC is a single-tracked …
Read more
  • Cryptography

A case for password hashing with delegation

  • icon Dec 22, 2023
  • icon 9 minutes read
  • icon 1911
When people talk about PBKDFs (Password Based Key Derivation Functions), this is usually either in the context of secure password storage, or in the context of how to derive cryptographic keys from potentially low-entropy passwords. The Password …
Read more
  • Tooling

Our Approach to Building Security Tooling

  • icon Nov 01, 2023
  • icon 11 minutes read
  • icon 2240
Introduction Most “security tools” today are typically composed by code that consumes an API and applies predefined logic to identify issues. This is generally accomplished by: Fetching a subset of the endpoints exposed by the service / …
Read more

Frequently Asked Questions from Strange Loop 2023

  • icon Sep 27, 2023
  • icon 3 minutes read
  • icon 516
The last Strange Loop conference was held September 21-22, 2023 at St. Louis Union Station. The conference is targeted towards developers; the speakers are often sharing their knowledge on new and inventive ways to use technology. At our sponsor …
Read more
  • Infrastructure security

Remediating AWS IMDSv1

  • icon Aug 11, 2021
  • icon 15 minutes read
  • icon 3194
2024-12-17 Updated to include Declarative Policies Compute resources in AWS (e.g. EC2 instances, ECS tasks/services, etc.) get access to AWS credentials, such as temporary instance role credentials, via the Instance Metadata Service (IMDS). The …
Read more