How'd you manage to land here?

Well, feel free to stay awhile, at least until the crawlers get to you, or.. ur…

There are risks and costs to action.

But they are far less than the long-range risks of comfortable inaction.


Anecdotal Security Series

This last July, I competed in a national undergraduate competition (CyberFastTrack US) and found that many of the tricks I was picking up could be expanded into educational posts. You can find those tricks here.

Hack-the-Box & CTF Writeup

Walkthroughs from the environment over at can be found here. Keep in mind that active boxes must be password-protected with the root flag per the site rules. Additionally, you may find other CTF platform writeups here.

Some Other Stuff

Occasionally (b)its and (B)ytes warrant expansion. You might also find a career item or two thrown in here. Ultimately, this is where the misfits end up, so have a look around but don’t expect any semblance of order.

Episode 4-Enumerating DNS: Public by Intent… Public by Intent!?!

Got another anecdotal one this week! In a short summary here, I will walk through the role that DNS and DNS servers play in an enterprise network. Then, I’ll demonstrate how we can glean basic information from a public-facing DNS server during an engagement (in a typical and secure state), and further how we can gather a truly astonishing amount of information from the service if admins haven’t taken basic precautions to secure it. This is another article in the…

HackASat (HAS): Satellite Bus//Magic Bus [91pt]

This last weekend, I had the opportunity to compete in the Air Force-sponsored CTF, Hack A Sat. I played this CTF with the team I’ll be joining in July, the Aerospace Cyber Effects Group, out of Northrop Grumman’s Redondo Beach Campus, Los Angeles. We played under the pseudonym ACE, representing the official team name....

Arrested on the Job: Penetration Testers Jailed, Charges Actually Brought Forth

This week, we’re going to take a look at a story that – after a long and mind-bending road – finally came to a conclusion recently. One where two penetration testers from the security firm Coalfire were hired to break into an Iowa courthouse and then arrested when they completed the job. This story has been covered in great detail by small security blogs and large news agencies alike, so instead of reviewing the situation one more time, I’ll let you take a second…

Check out the Latest on YouTube!

Arriving in April…

Get in Touch