The Ways I Use Mind Maps
Not so long ago, a friend and colleague of mine inspired me to start using mind maps. Since then, I’ve incorporated mind maps into various workflows wherever...
Posts by Year
2021
2019
Intel Gathering with Canary Tokens
Reports of My Demise…
DMs to myself 4
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
Practical Password Guidance
Spoiler: There is no quick answer to this. I’m a details guy. This won’t be short.
SSL/TLS Fun with Canary Tokens
What had happened was… It didn’t take long to learn (or re-learn) some more interesting things, thanks to Thinkst Canary Tokens.
Fun with Canary tokens
Whonary Tokens? Canary tokens are a concept that has been around for a while. The more generic name for them was Honeytokens. There are a few free services o...
Vizio Privacy Violations, or Why Class Actions are Bullshit
Background Between February 2014 and February 2017, Vizio collected information about customer viewing habits through their Vizio Smart TVs, and sold that in...
Penetration Testing Reference Sheet
This post is a “living document,” intended for me to keep a quick-and-dirty reference sheet around at all times, rather than as a standalone post. It will be...
On identity, tribe, and infosec
I’ve been thinking lately about “the infosec community” because of some things I’ve read from folks on Twitter. Unlike my “DMs to myself,” posts, I’m not goi...
DMs to myself 3
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
Brakesec Book Club: Hacker Playbook 3 - Chapters 3-4
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.This post will serv...
Using SDR on Debian
rtlamr Sometimes the instructions don’t register, the way they are laid out.
2018
Steam on OSX High Sierra
Deja vu One of my earlier posts described how to make the Steam client work on Mac OSX. That was pre-High Sierra, and all that was needed back then was renam...
Phucking with phishers
You talkin’ to me? So there I was, minding my own business, checking my emails, when suddenly, a wild phishing attempt appears!
Brakesec Book Club: Hacker Playbook 3 - Chapter 2 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Brakesec Book Club: Hacker Playbook 3 - Chapter 1 notes
I am participating in the Brakesec Book Club (@Brakesec on twitter for more info). This time around is the Hacker Playbook 3 by Peter Kim.
Analysis of Facebook advertiser data
I’m not a big fan of Facebook due to numerous privacy concerns. I’ve gone back and forth on the subject of closing my account for some time, but as yet still...
DMs to myself; airing out the Twitter backlog 2/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself. I do this in an effort to keep track of interesting o...
DMs to myself; airing out the Twitter backlog post 1/n
Welcome to “DMs to myself,” where I will be going through messages from Twitter that I sent to myself in an effort not to lose interesting or valuable pieces...
Cheat sheet: Port mirroring IDS data into a Proxmox VM
Cheat-sheet version:
Privacy, and the importance of metadata
Privacy is an important subject to me. I am a strong opponent of the argument that “if you haven’t done anything wrong, you have nothing to hide.” All it tak...
Jekyll + Github Pages vs. Ghost self-hosting.
I’ve been meaning to get these thoughts up on the blog for a bit, since transitioning from a self-hosted instance of Ghost to Jekyll-powered Github Pages. As...
Migrating from Ghost to Jekyll and Github Pages
As previously posted, I performed a migration from my prior setup, running Ghost, to this current setup using Jekyll as my content generator and hosting the ...
Migration Complete
Well, that took longer than planned.
Cheat sheet: Installing Jekyll on Linode
I am in the process of migrating away from Ghost. Long/short, there is too much dynamic code, and the exposure makes me uncomfortable. I’ve discovered Jekyll...
2017
Bash Bunny and P4wnP1
So I found myself in an interesting (and strange) thread on Twitter, the other day. I’ll be using screenshots, and hopefully I won’t get replies out of order...
LastPass versus 1Password versus KeePass, part 4
Part 4: Comparison of features and traits (continued) Rather than break sections up the way reviews often are (all about option 1, then all about option 2), ...
LastPass versus 1Password versus KeePass, part 3
Part 3: Comparison of features and traits (continued) Rather than break sections up the way reviews often are (all about option 1, then all about option 2), ...
LastPass versus 1Password versus KeePass, part 2
Now that I’ve gone over the background and the summary of my conclusions in part 1, this post will be to analyze various aspects of the offerings themselves....
LastPass versus 1Password versus KeePass, part 1
These posts are to documement my overall experience with different password storage solutions, and an amateur evaluation that I performed from the perspectiv...
The hazards of cloud services
I ran into an issue with the site over the weekend that, in hind sight, I should have avoided.
Unicode symbol differences
Immediately after I submitted a comment to Dr. Neal Krawetz’s Hacker Factor blog, I realized I had misunderstood and overlooked some important details of dif...
How not to impress a candidate as a recruiter
Maybe get the name right?
Escalator brushes
If, like me, you have ever wondered what those little brushes along the sides of escalators are for, read on. Be warned, however: The information that follow...
Cheat sheet: Basic jQuery examples
I recently went through the first two levels of the free intro tutorial at JQuery in order to build some basic jQuery familiarity (more on why soon). Below a...
Configuring SNMPv3 on Ubuntu Server 16.04
Another instance of documentation that wasn’t fully explanatory or didn’t work. I got my SNMPv3 set up succesfully using the following in /etc/snmp/snmpd.con...
Configuring SNMP v3 on Ubiquiti Edgerouter-X
Cheat-sheet version
How to use Steam on Mac OSX
Cheat-sheet version: USER=$(whoami) cd /Users/${USER}/Library/Application\ Support/Steam/Steam.AppBundle/Steam/Contents/MacOS/public; ls *.res | while read l...
Untrusted, levels 18 - 20
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Advice for getting started in penetration testing
This post is a result of an email exchange between me and a young professional looking to get into IT security in general and penetration testing in particul...
Configuring fail2ban to drop silently
Cheat-sheet version: apt install fail2ban printf "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-blocktype.local service fail2ban restart
Untrusted, level 17
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, Level 16
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, level 15
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 13 - 14
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, level 13
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 11 - 12
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 08 - 10
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 05 - 07
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, levels 01 - 04
Spoiler warning: This will contain my solutions and explanations for the various levels in the game Untrusted. If you have not played yourself, I highly reco...
Untrusted, a user javascript adventure game
In studying for my GWAPT I was introduced by Eric Conrad to a cool educational game called Untrusted, created by Alex Nisnevich and Greg Shuflin (sorry, Greg...
Wii U Surround Issues
I finally picked up a Wii U since the price has come down a bit and I’m hankering to play Breath of the Wild. Hooked it up to my TV + 5.1 surround sound rece...
Installing Oracle Java on Kali Rolling 2017.1
Cheat-sheet version: Download Oracle JRE.
How to resize images in Ghost
The current version of Ghost does not support image resizing, so the workaround for now is to use HTML tags with some CSS crammed in:
Ghost doesn’t like IE6
*Door slammed in face*
Hello, world.
This is my first blog entry.