https://lia.mg/A disjointed blog about security, engineering, open source, and linux 2026-03-08T04:32:43+00:00 Liam Galvin https://lia.mg/ Jekyll © 2026 Liam Galvin /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2025-02-06T19:28:00+00:00 2025-02-07T22:04:16+00:00 https://lia.mg/posts/despair-driven-development/ Liam Galvin

In an industry that often glorifies passion, innovation, and relentless optimism, there exists a darker, more prevalent, but equally powerful force: despair. Despair-Driven Development (DDD) is an unorthodox yet effective approach to software engineering that channels existential malaise, burnout, and the looming sense of impending doom into productive output. While despair is traditionally see...

2022-11-09T10:00:00+00:00 2022-11-09T10:00:00+00:00 https://lia.mg/posts/custom-rego-for-aws/ Liam Galvin

It’s now easy to run custom Rego policies against your live AWS account(s) with Trivy, as of version v0.33.0. In this post I’ll run through several example policies to demonstrate how it works and hopefully give you the foundations to write your own policies. What is Trivy? Trivy is a multifunctional, open-source security scanner. It can scan various targets (filesystems, containers, git rep...

2022-08-16T10:00:00+01:00 2022-08-16T10:00:00+01:00 https://lia.mg/posts/trivy-aws/ Liam Galvin

What is Trivy? Trivy is a multifunctional, open-source security scanner. It can scan various targets (filesystems, containers, git repositories and more) in order to discover security issues (vulnerabilities, misconfigurations, and secrets). In short, Trivy can find a bunch of different types of security issue in pretty much anything you point it at, for free. Scanning AWS As of this week, T...

2022-08-11T15:45:00+01:00 2022-08-11T15:45:00+01:00 https://lia.mg/posts/writing-go-linters/ Liam Galvin

Recently I looked into writing a custom linter for an open-source project called defsec. We had a fairly unique problem with an all-too-frequent bug. We decided if we could catch this type of bug at development time with a linter, we could not only fix things faster (instead of waiting for an integration test to fail), but we could also consistently prevent the bug from happening in the first p...

2022-07-31T23:00:00+01:00 2022-07-31T19:53:55+01:00 https://lia.mg/posts/intigriti-0722/ Liam Galvin

It’s been a while since I’ve done an XSS write-up, and the latest Intigriti challenge was fun, so here goes… 0x00: Initial Recon The site provided by Intigriti is a single-page application that seems fairly limited in functionality. It’s a blog site with a few entries from multiple authors. Most links don’t actually go anywhere, except for the Archives links in the sidebar, which appear funct...