Semgrep: scanning unusual extensions

Last few months I have been spending time with semgrep tool. As much as it has features its still a growing tool and does needs a bit of handholding. Here I will quickly explain how to hack the base code of semgrep to make it work against your specific language even though input file extension might not be the standard names.

Do you like what you read, What to share it

My experiments with Game Capture Card

I have been playing on my Nintendo switch for a long time now and have thought about recording my gameplay for reference. Past few days I have been reading about how to do game streaming and / or recording.

I found a lot of interesting things and a simplified way to achieve my goal. This blog post documents the entire journey along with the solution I am using right now its limitations.

Do you like what you read, What to share it

Re-launching Codevigilant

So i talked about relaunching a project using Hugo in my last blog post. today I’m happy to announce that we have relaunched CodeVigilant. This project took a lot of my time and efforts, but I was not alone in the efforts, Aarushi Koolwal helped me with the entire process.

Do you like what you read, What to share it

Posting regularly on blog: WordPress or hugo does the tooling matters?

I have been running this blog since 2007 19 July 2007 to be precise, during this long timeframe the blog has seen its own life-cycle. Started on shared hosting to moving on my server to moving from one type of WordPress instance to another. During this entire time, it has been a massively rewarding experience to learn. But guess what I have not even posted 100 blog posts in total. Averaging around 7 blog posts a year. Not even making it to post once a month. However, when I look around at my contemporaries, people have made massive blog empires and what not. Sometimes I used to sit back and wonder what exactly is the reason for such difference in dynamics.

Do you like what you read, What to share it

VM Size reduction tips for OVA distribution

In my many years of exploring Linux systems and building Android Tamer, OVA export has always been a fun challenge. Everyone distribute VM’s in OVA format as it is easy to import in both VMWare and Virtual box systems. Over the period I have relied on various smallish tweaks that eventually lead to a largish difference in final OVA Size. I think it’s time I document the entire set here:

Do you like what you read, What to share it

Public release: Android Security Repository

I wanted to celebrate this new year by giving something back to the community and so i am making my old Android Security Course content public.

I used to run android security training which started with basics of android and evolved to pin pointed android pentesters specific pain point solving course. for the last 3 years of it 2015-2017 I maintained a github repository which I am opensourcing today. This repository contains collection of resources I gathered for my students.

I am opensourcing the content in the hopes that it will benefit someone starting in Android Security.

Feel free to suggest changes, submit pull requests with updated content and improvements.

Repository is available at

Do you like what you read, What to share it

Introducing Hacking Archives of India

It’s been slightly more than 10 years that I have spent in the information security domain. Information Security is mostly assumed to be a very small and tightly connected community. However in these 10 years I have learned there are many persona’s active in the current industry, some very vocal, some very active yet not socially present at all. I have also always wondered how the information security industry started and proliferated in India.

Do you like what you read, What to share it

Wireguard Setup

Quick notes on how to setup wireguard on 20..04

Best guide i could find :

But still pieces missing so trying to write this and make those pieces sorted

Base OS : ubuntu 20.04

  1. Install software
sudo apt-get install wireguard wireguard-tools

Do you like what you read, What to share it

Logged in User Details In Azure AD App Service

Idenifying the Logged-In User in Azure AD

Lately I have been experimenting with Azure AD and putting Apps behind Azure AD. Once they are behind Azure AD Auth i wanted to make decisions based on the logged in user and it turned out to be a bit of a adventure trying to get those values.

I will document two different ways of obtaining authenticated user. one via python and one via javascript.

Do you like what you read, What to share it