Understanding Historical Trends of LEGO and Modularity Through Data Analytics


23rd August 2025

Many moons ago, when I was starting out on my tech journey, I came across two things that piqued my interest: Power BI by Microsoft, a tool for visualising data, and a book called Narconomics by Tom Wainwright.

The book seemed incredibly interesting, my main draw being how the author came up with the data to show the trafficking of an illegal substance. Seeing how powerful visual data analysis is, I wanted to pick a non-traditional topic (hopefully not drugs) that I could explore at a meticulous level and craft insights from spanning decades.

Read more ⟶

Testing out Keycloak


I was told by a good friend to check out Keycloak because it makes “authentication easy as hell”. With the commercialization of good auth on one side (Auth0, Okta) and poorly implemented auth on the other (think OAuth with an unvalidated redirect_uri), I did have a gap in my heart for an open-source, extremely simple IAM solution for complex web applications. Enter github.com/keycloak/keycloak. Analysing the code and docs, there are a few characteristics worth noting:
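As an added illustration of the “improper redirect_uri” failure mentioned above (example code written for this page, not Keycloak’s or any other project’s implementation): the loose check accepts any URI that merely starts with a registered origin, while the strict check parses and normalises the candidate and requires an exact match against the registered list. The registered URIs and the attacker-controlled candidates are constructed for the example.

```python
"""Loose vs. strict OAuth redirect_uri validation.

Added example written for this page; it is not Keycloak's code or any other
project's. The registered URIs and the candidate URIs are constructed.
"""
from urllib.parse import urlsplit

# Constructed: the redirect URIs a client registered at the authorization server.
REGISTERED_REDIRECT_URIS = {
    "https://app.example.com/callback",
    "http://localhost:3000/callback",
}

# Plain http is tolerated only for loopback development callbacks.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}


def loose_redirect_ok(candidate: str) -> bool:
    """The improper check: accept anything that starts with a registered origin.

    A string prefix is not a URL comparison, so a host the attacker controls
    (app.example.com.evil.net, or a userinfo trick like app.example.com@evil.net)
    passes and receives the authorization code.
    """
    origins = {uri.rsplit("/", 1)[0] for uri in REGISTERED_REDIRECT_URIS}
    return any(candidate.startswith(origin) for origin in origins)


def strict_redirect_ok(candidate: str) -> bool:
    """Parse, normalise, then require an exact match against the registered set.

    - query string, fragment and userinfo are rejected outright
    - only https, plus http for loopback development callbacks
    - scheme, lowercased host, explicit port and path are rebuilt and compared
      as a whole, so prefix and userinfo tricks cannot pass
    """
    try:
        parts = urlsplit(candidate)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.query or parts.fragment or parts.username is not None:
        return False
    host = parts.hostname or ""  # .hostname is already lowercased
    if parts.scheme == "http":
        if host not in LOOPBACK_HOSTS:
            return False
    elif parts.scheme != "https":
        return False
    netloc = host if port is None else f"{host}:{port}"
    return f"{parts.scheme}://{netloc}{parts.path}" in REGISTERED_REDIRECT_URIS


def compare(candidates: list[str]) -> dict[str, tuple[bool, bool]]:
    """Return {candidate: (loose_result, strict_result)} for a batch of URIs."""
    return {c: (loose_redirect_ok(c), strict_redirect_ok(c)) for c in candidates}


if __name__ == "__main__":
    # Constructed candidates: one legitimate, the rest attacker-supplied.
    samples = [
        "https://app.example.com/callback",
        "https://app.example.com.evil.net/callback",
        "https://app.example.com@evil.net/callback",
        "https://app.example.com/callback?next=https://evil.net",
        "http://app.example.com/callback",
    ]
    for uri, (loose, strict) in compare(samples).items():
        print(f"{uri:58} loose={loose!s:5} strict={strict}")
```

The strict function rebuilds the URI from parsed components instead of comparing raw strings, which is what stops the `app.example.com.evil.net` and `app.example.com@evil.net` variants: both begin with the registered origin as text, but neither has the registered host once parsed.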

Read more ⟶

CodeQL for SAST - An Introduction


As part of a desire to add another tool to my belt for secure code review, I looked to explore CodeQL. Developed by Semmle, acquired by GitHub in 2019 and made freely available to open-source projects shortly after, CodeQL is a “semantic code analysis engine” that lets you run SQL-like queries for particular code patterns across a large repository to find bugs.

The beauty of this tool is the freemium model: it is free if you are running it across public repositories. If you are a company scanning private code, however, you can’t have it for free; you need the GitHub Advanced Security add-on.

Read more ⟶

Pentest Mouse Macros. The What and Why of it


So currently I have done most of the OffSec PEN-200 Challenge Labs and, after much procrastination, have the OSCP booked for October. While going through my methodology I have been thinking about how I can make my hacking as simple as possible.

This prompted many changes: a very extensive obsidian.md vault for my notes, using zsh-autosuggestions, and recording everything I do. I realised, however, that this was not enough, which led me to think outside the box: *“Okay, so you’ve been a hacker for a while now. How can I take some tricks from other types of ‘cheating’ and hacking to give myself an edge?”* By cheating, I should add, I’m not going to cheat in the exam but instead look for performance boosts. No one said duping was illegal in CTF 😂

Read more ⟶

A Crash Course on Web Security for The Beginner


Security is hard for those that do it, and even more so for those looking to make a start in breaking and defending systems for the good of themselves and others. There are a ton of resources online about how to break into cybersecurity generically, however I wanted to switch it up and write a brief essay on getting into web application security! With that, let’s get right into the details.

Read more ⟶

Burp Suite Certified Practitioner Practice Exam Walkthrough


It’s certainly been a while since I wrote one of these. I have gone through a number of places of work, have found some interesting vulnerabilities in both government and private companies, and have continued to work at improving what I do.

A core area I wish I’d been better at when I had a role titled Penetration Tester is web application security. There are many places to learn about this, and many more to perfect your craft; I’ll include a list of what I consider to be great places to look into. For now, though, I want to focus on the Burp Suite Certified Practitioner (BSCP) certification, specifically walking through the practice exam and detailing my methodology for it.

Read more ⟶

Simple Is Better


Welcome everyone. I would like to introduce this website as the new and improved blog for 2022 before the end of the year.

Many would argue this looks like something out of 1997 — and they would be absolutely right. What I’ve built is a blog compiled via static site generation, deployed to GitHub Pages, and costing me exactly $0.

What this is not:

  • A convoluted WordPress codebase
  • A site-in-a-box wrapper like Wix or Squarespace
  • JavaScript-heavy or CSS-driven

There is no JavaScript. There is no CSS. There may occasionally be images — but only when words aren’t enough.

Read more ⟶

The Start of Baboon


Welcome to the start of Baboon. I created Baboon because my GitHub Pages blogging moved from plain Jekyll to Jekyll-Now, then down the rabbit hole of customising Jekyll, before I broke the whole thing, threw my hands in the air and said: stuff it, I’ll build my own generator and use that to publish blog.maxfrancis.me. If you are reading this post from there, I was successful (yay), and if you aren’t, then you’re probably just reading a random Markdown file committed to GitHub (go out and touch some grass).

Read more ⟶

OWASP API Top 10 Build and Break Series - 01 - Broken Object Level Authorization


Welcome to this series showing you how to build an intentionally vulnerable API. The goal of this experiment is to teach you, the discerning engineer, how to identify vulnerabilities in APIs. I believe that if you can build your own vulnerable version of something, you become more knowledgeable in breaking it (just ask an architect how to breach the castle they designed 🏰). Once you get good at doing this, you can then move on to testing other people’s APIs 🤘
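A minimal build-then-break pair for the first entry in the series, Broken Object Level Authorization, as an added example written for this page rather than code from the series itself: a `GET /orders/{id}` handler modelled as a plain Python function, once without an ownership check and once with it, plus the ID-walking probe an attacker would run against each. The users, orders and handler signature are constructed assumptions.

```python
"""Build-then-break for OWASP API1: Broken Object Level Authorization.

Added example for this page, not code from the blog series. The handler is
modelled as a plain function taking the already-authenticated caller and the
object ID from the path; users and orders are constructed sample data.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Order:
    order_id: int
    owner: str
    item: str


# Constructed sample data: two users, one order each.
ORDERS = {
    1001: Order(1001, "alice", "hardware token"),
    1002: Order(1002, "bob", "network tap"),
}

Handler = Callable[[str, int], Order]


def get_order_vulnerable(caller: str, order_id: int) -> Order:
    """GET /orders/{id} as many APIs ship it.

    Authentication has happened (we know who `caller` is), but the handler
    never asks whether this caller may see this object. Any logged-in user
    who guesses an ID gets someone else's order: BOLA.
    """
    try:
        return ORDERS[order_id]
    except KeyError:
        raise LookupError(f"order {order_id} not found") from None


def get_order_fixed(caller: str, order_id: int) -> Order:
    """Same route with the object-level check in place.

    The object must belong to the caller. 'Not yours' is reported exactly like
    'does not exist' so the response cannot be used to enumerate valid IDs.
    """
    order = ORDERS.get(order_id)
    if order is None or order.owner != caller:
        raise LookupError(f"order {order_id} not found")
    return order


def can_read(handler: Handler, caller: str, order_id: int) -> bool:
    """True if the handler returns an order to this caller, False on a 404-style miss."""
    try:
        handler(caller, order_id)
    except LookupError:
        return False
    return True


def idor_probe(handler: Handler, attacker: str, ids: range) -> list[int]:
    """The 'break' half: as the attacker, walk a range of IDs near our own and
    report every order the handler hands back that we do not own."""
    return [
        oid
        for oid in ids
        if can_read(handler, attacker, oid) and handler(attacker, oid).owner != attacker
    ]


if __name__ == "__main__":
    for name, handler in (("vulnerable", get_order_vulnerable), ("fixed", get_order_fixed)):
        print(f"{name}: bob leaks orders {idor_probe(handler, 'bob', range(1000, 1010))}")
```

The fix is deliberately a lookup keyed on both the ID and the caller rather than a separate “is this mine?” branch returning 403: collapsing “not yours” into “not found” keeps the authorization decision in one place and denies the attacker an oracle for which IDs exist.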

Read more ⟶

Python for Security Consultants


Python is a fantastic scripting language that is well aligned to the discerning cybersecurity consultant due to:

  • the ability to learn quickly and script quick solutions in easily readable scripts;
  • the extensive number of security-related Python packages (e.g. bs4, python-nmap, pyca/cryptography and scapy); and
  • the abundance of security-related tooling and scripting already written in Python.

This article is meant to help a security consultant take their journey towards learning Python efficiently, then work towards what nice Python code looks like and how to branch their code out into meaningful modules, libraries, etc.

Read more ⟶