How'd you manage to land here?

Well, feel free to stay awhile, at least until the crawlers get to you, or.. ur…

There are risks and costs to action.

But they are far less than the long-range risks of comfortable inaction.

JOHN F. KENNEDY

Anecdotal Security Series

This last July, I competed in a national undergraduate competition (CyberFastTrack US) and found that many of the tricks I was picking up could be expanded into educational posts. You can find those tricks here.

Hack-the-Box Writeups

Walkthroughs from the respected CTF environment over at https://hackthebox.eu can be found here. Keep in mind that active boxes must be password-protected with the root flag per the site rules.

Some Other Stuff

Occasionally (b)its and (B)ytes warrant expansion. You might also find a career item or two thrown in here. Ultimately, this is where the misfits end up, so have a look around but don’t expect any semblance of order.

Episode 4-Enumerating DNS: Public by Intent… Public by Intent!?!

Got another anecdotal one this week! Here, in a short summary, I will walk through the role that DNS and DNS servers play in an enterprise network. Then, I’ll demonstrate how we can glean basic information from a public-facing DNS server during an engagement (in a typical and secure state), and further how we can gather a truly astonishing amount of information from the service if admins haven’t taken basic precautions to secure it. This is another article in the…

HTB Walk Through for Bitlab (Medium/Linux)

Summary: While this is a somewhat unconventional box with a bit of a CTF feel, it has a lot of very real-world GitHub teaching points for organizations running the community edition. While privilege escalation didn’t technically result from the reverse engineering portion, it was a good exercise in deriving credentials from a Windows binary which...

Arrested on the Job: Penetration Testers Jailed, Charges Actually Brought Forth

This week, we’re going to take a look at a story that, after a long and mind-bending road, finally came to a conclusion recently: one where two penetration testers from the security firm Coalfire were hired to break into an Iowa courthouse and then arrested when they completed the job. This story has been covered in great detail by small security blogs and large news agencies alike, so instead of reviewing the situation one more time, I’ll let you take a second…

Check out the Latest on YouTube!

Arriving in April…

