Untrusted, levels 18 - 20
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Posts by Tag
- untrusted 11
- cheatsheets 8
- pentesting 5
- reviews 5
- twitter 5
- ghost 4
- dms 4
- opinion 4
- reference 4
- privacy 4
- study 4
- jekyll 3
- githubpages 3
- brakesec 3
- bookclub 3
- lab 3
- steam 2
- canary 2
- token 2
- tracking 2
- analytics 2
- helloworld 1
- kali 1
- wiiu 1
- fail2ban 1
- ubiquiti 1
- ubuntu 1
- escalators 1
- lolz 1
- unicode 1
- cloudflare 1
- availability 1
- proxmox 1
- linux 1
- mirror 1
- facebook 1
- advertisement 1
- dnscat 1
- troubleshooting 1
- pcap 1
- discover 1
- subbrute 1
- python 1
- phishing 1
- osx 1
- sdr 1
- debian 1
- infosec 1
- tribe 1
- identity 1
- law 1
- vizio 1
- dde 1
- virustotal 1
- SSL 1
- TLS 1
- Firefox 1
- password 1
- diceware 1
- mindmap 1
- xmind 1
- notes 1
- documentation 1
untrusted
Untrusted, level 17
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, Level 16
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, level 15
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 13 - 14
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, level 13
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 11 - 12
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 08 - 10
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 05 - 07
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 01 - 04
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, a user javascript adventure game
In studying for my GWAPT I was introduced by Eric Conrad to a cool educational game called Untrusted, created by Alex Nisnevich and Greg Shuflin (sorry, Greg...
cheatsheets
Penetration Testing Reference Sheet
This post is a “living document,” intended for me to keep a quick-and-dirty reference sheet around at all times, rather than as a standalone post. It will be...
Cheat sheet: Port mirroring IDS data into a Proxmox VM
Cheat-sheet version:
Cheat sheet: Installing Jekyll on Linode
I am in the process of migrating away from Ghost. Long/short, there is too much dynamic code, and the exposure makes me uncomfortable. I’ve discovered Jekyll...
Cheat sheet: Basic jQuery examples
I recently went through the first two levels of the free intro tutorial at JQuery in order to build some basic jQuery familiarity (more on why soon). Below a...
Configuring SNMP v3 on Ubiquiti Edgerouter-X
Cheat-sheet version
How to use Steam on Mac OSX
Cheat-sheet version: USER=$(whoami) cd /Users/${USER}/Library/Application\ Support/Steam/Steam.AppBundle/Steam/Contents/MacOS/public; ls *.res | while read l...
Configuring fail2ban to drop silently
Cheat-sheet version: apt install fail2ban printf "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-blocktype.local service fail2ban restart
Installing Oracle Java on Kali Rolling 2017.1
Cheat-sheet version: Download Oracle JRE.
pentesting
Penetration Testing Reference Sheet
This post is a “living document,” intended for me to keep a quick-and-dirty reference sheet around at all times, rather than as a standalone post. It will be...
Brakesec Book Club: Hacker Playbook 3 - Chapters 3-4
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.This post will serv...
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Advice for getting started in penetration testing
This post is a result of an email exchange between me and a young professional looking to get into IT security in general and penetration testing in particul...
reviews
Bash Bunny and P4wnP1
So I found myself in an interesting (and strange) thread on Twitter, the other day. I’ll be using screenshots, and hopefully I won’t get replies out of order...
LastPass versus 1Password versus KeePass, part 4
Part 4: Comparison of features and traits (continued) Rather than break sections up the way reviews often are (all about option 1, then all about option 2), ...
LastPass versus 1Password versus KeePass, part 3
Part 3: Comparison of features and traits (continued) Rather than break sections up the way reviews often are (all about option 1, then all about option 2), ...
LastPass versus 1Password versus KeePass, part 2
Now that I’ve gone over the background and the summary of my conclusions in part 1, this post will be to analyze various aspects of the offerings themselves....
LastPass versus 1Password versus KeePass, part 1
These posts are to documement my overall experience with different password storage solutions, and an amateur evaluation that I performed from the perspectiv...
DMs to myself 4
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
On identity, tribe, and infosec
I’ve been thinking lately about “the infosec community” because of some things I’ve read from folks on Twitter. Unlike my “DMs to myself,” posts, I’m not goi...
DMs to myself 3
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog 2/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog post 1/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself in an effort not to lose interesting or valuable pieces...
ghost
Jekyll + Github Pages vs. Ghost self-hosting.
I’ve been meaning to get these thoughts up on the blog for a bit, since transitioning from a self-hosted instance of Ghost to Jekyll-powered Github Pages. As...
Migrating from Ghost to Jekyll and Github Pages
As previously posted, I performed a migration from my prior setup, running Ghost, to this current setup using Jekyll as my content generator and hosting the ...
How to resize images in Ghost
The current version of Ghost does not support image resizing, so the workaround for now is to use HTML tags with some CSS crammed in:
Ghost doesn’t like IE6
*Door slammed in face*
dms
DMs to myself 4
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself 3
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog 2/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog post 1/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself in an effort not to lose interesting or valuable pieces...
opinion
DMs to myself 4
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself 3
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog 2/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog post 1/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself in an effort not to lose interesting or valuable pieces...
reference
DMs to myself 4
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself 3
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog 2/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog post 1/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself in an effort not to lose interesting or valuable pieces...
privacy
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
Vizio Privacy Violations, or Why Class Actions are Bullshit
Background Between February 2014 and February 2017, Vizio collected information about customer viewing habits through their Vizio Smart TVs, and sold that in...
Analysis of Facebook advertiser data
I’m not a big fan of Facebook due to numerous privacy concerns. I’ve gone back and forth on the subject of closing my account for some time, but as yet still...
study
The Ways I Use Mind Maps
Not so long ago, a friend and colleague of mine inspired me to start using mind maps. Since then, I’ve incorporated mind maps into various workflows wherever...
Brakesec Book Club: Hacker Playbook 3 - Chapters 3-4
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.This post will serv...
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
jekyll
Jekyll + Github Pages vs. Ghost self-hosting.
I’ve been meaning to get these thoughts up on the blog for a bit, since transitioning from a self-hosted instance of Ghost to Jekyll-powered Github Pages. As...
Migrating from Ghost to Jekyll and Github Pages
As previously posted, I performed a migration from my prior setup, running Ghost, to this current setup using Jekyll as my content generator and hosting the ...
Migration Complete
Well, that took longer than planned.
githubpages
Jekyll + Github Pages vs. Ghost self-hosting.
I’ve been meaning to get these thoughts up on the blog for a bit, since transitioning from a self-hosted instance of Ghost to Jekyll-powered Github Pages. As...
Migrating from Ghost to Jekyll and Github Pages
As previously posted, I performed a migration from my prior setup, running Ghost, to this current setup using Jekyll as my content generator and hosting the ...
Migration Complete
Well, that took longer than planned.
brakesec
Brakesec Book Club: Hacker Playbook 3 - Chapters 3-4
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.This post will serv...
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
bookclub
Brakesec Book Club: Hacker Playbook 3 - Chapters 3-4
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.This post will serv...
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
lab
Brakesec Book Club: Hacker Playbook 3 - Chapters 3-4
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.This post will serv...
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
steam
Steam on OSX High Sierra
Deja vu One of my earlier posts described how to make the Steam client work on Mac OSX. That was pre-High Sierra, and all that was needed back then was renam...
How to use Steam on Mac OSX
Cheat-sheet version: USER=$(whoami) cd /Users/${USER}/Library/Application\ Support/Steam/Steam.AppBundle/Steam/Contents/MacOS/public; ls *.res | while read l...
canary
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
token
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
tracking
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
analytics
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
helloworld
Hello, world.
This is my first blog entry.
kali
Installing Oracle Java on Kali Rolling 2017.1
Cheat-sheet version: Download Oracle JRE.
wiiu
Wii U Surround Issues
I finally picked up a Wii U since the price has come down a bit and I’m hankering to play Breath of the Wild. Hooked it up to my TV + 5.1 surround sound rece...
fail2ban
Configuring fail2ban to drop silently
Cheat-sheet version: apt install fail2ban printf "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-blocktype.local service fail2ban restart
ubiquiti
Configuring SNMP v3 on Ubiquiti Edgerouter-X
Cheat-sheet version
ubuntu
Configuring SNMPv3 on Ubuntu Server 16.04
Another instance of documentation that wasn’t fully explanatory or didn’t work. I got my SNMPv3 set up succesfully using the following in /etc/snmp/snmpd.con...
escalators
Escalator brushes
If, like me, you have ever wondered what those little brushes along the sides of escalators are for, read on. Be warned, however: The information that follow...
lolz
How not to impress a candidate as a recruiter
Maybe get the name right?
unicode
Unicode symbol differences
Immediately after I submitted a comment to Dr. Neal Krawetz’s Hacker Factor blog, I realized I had misunderstood and overlooked some important details of dif...
cloudflare
The hazards of cloud services
I ran into an issue with the site over the weekend that, in hind sight, I should have avoided.
availability
Migration Complete
Well, that took longer than planned.
proxmox
Cheat sheet: Port mirroring IDS data into a Proxmox VM
Cheat-sheet version:
linux
Cheat sheet: Port mirroring IDS data into a Proxmox VM
Cheat-sheet version:
mirror
Cheat sheet: Port mirroring IDS data into a Proxmox VM
Cheat-sheet version:
Analysis of Facebook advertiser data
I’m not a big fan of Facebook due to numerous privacy concerns. I’ve gone back and forth on the subject of closing my account for some time, but as yet still...
advertisement
Analysis of Facebook advertiser data
I’m not a big fan of Facebook due to numerous privacy concerns. I’ve gone back and forth on the subject of closing my account for some time, but as yet still...
dnscat
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
troubleshooting
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
pcap
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
discover
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
subbrute
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
python
Phucking with phishers
You talkin’ to me? So there I was, minding my own business, checking my emails, when suddenly, a wild phishing attempt appears!
phishing
Phucking with phishers
You talkin’ to me? So there I was, minding my own business, checking my emails, when suddenly, a wild phishing attempt appears!
osx
Steam on OSX High Sierra
Deja vu One of my earlier posts described how to make the Steam client work on Mac OSX. That was pre-High Sierra, and all that was needed back then was renam...
sdr
Using SDR on Debian
rtlamr Sometimes the instructions don’t register, the way they are laid out.
debian
Using SDR on Debian
rtlamr Sometimes the instructions don’t register, the way they are laid out.
infosec
On identity, tribe, and infosec
I’ve been thinking lately about “the infosec community” because of some things I’ve read from folks on Twitter. Unlike my “DMs to myself,” posts, I’m not goi...
tribe
On identity, tribe, and infosec
I’ve been thinking lately about “the infosec community” because of some things I’ve read from folks on Twitter. Unlike my “DMs to myself,” posts, I’m not goi...
identity
On identity, tribe, and infosec
I’ve been thinking lately about “the infosec community” because of some things I’ve read from folks on Twitter. Unlike my “DMs to myself,” posts, I’m not goi...
law
Vizio Privacy Violations, or Why Class Actions are Bullshit
Background Between February 2014 and February 2017, Vizio collected information about customer viewing habits through their Vizio Smart TVs, and sold that in...
vizio
Vizio Privacy Violations, or Why Class Actions are Bullshit
Background Between February 2014 and February 2017, Vizio collected information about customer viewing habits through their Vizio Smart TVs, and sold that in...
dde
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
virustotal
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
SSL
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
TLS
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
Firefox
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
password
Practical Password Guidance
Spoiler: There is no quick answer to this. I’m a details guy. This won’t be short.
diceware
Practical Password Guidance
Spoiler: There is no quick answer to this. I’m a details guy. This won’t be short.
mindmap
The Ways I Use Mind Maps
Not so long ago, a friend and colleague of mine inspired me to start using mind maps. Since then, I’ve incorporated mind maps into various workflows wherever...
xmind
The Ways I Use Mind Maps
Not so long ago, a friend and colleague of mine inspired me to start using mind maps. Since then, I’ve incorporated mind maps into various workflows wherever...
notes
The Ways I Use Mind Maps
Not so long ago, a friend and colleague of mine inspired me to start using mind maps. Since then, I’ve incorporated mind maps into various workflows wherever...
documentation
The Ways I Use Mind Maps
Not so long ago, a friend and colleague of mine inspired me to start using mind maps. Since then, I’ve incorporated mind maps into various workflows wherever...