Clik here to view.
RSS Feed Fix
Unfortunately the updated theme broke my RSS feed. I think I have it fixed so that it correctly links to the site but I am still having issues with it. If you wish to subscribe to this blog I would...
View ArticleClik here to view.
Grumpy Hackers
A little historyA couple months ago @carnal0wnage, @bsdbandit and @theblindhacker (I'm sure I'll get corrected if I'm wrong here) were at NoVAHackers just talking in the parking lot after the event and...
View ArticleClik here to view.
2019 BH/DC/BSidesLV Hiring List
Created the 2019 UNOFFICIAL BlackHat, DEF CON, BSidesLV Hiring List. To get on the list is even easier now! Just complete the following form: https://forms.gle/skaksvub8ijTELub8(One small tip, first...
View ArticleClik here to view.
2019 DerbyCon Hiring List
Created the 2019 UNOFFICIAL DerbyCon Hiring List. To get on the list just complete the following form: https://forms.gle/h7dXtd5vLs3k6EBRAOne small tip, first come first serve, so if you want to be on...
View ArticleClik here to view.
Tribe of Hackers: Red Team Edition
Recently I had the privilege and honor to be asked for my input into the Tribe of Hackers - Red Team Edition book. This book is a compilation of a bunch of opinions from industry professionals on 21...
View ArticleClik here to view.
2020 ShmooCon Hiring List
Created the 2020 Unofficial ShmooCon Hiring List. To get on the list is just complete the following form: https://forms.gle/TNwx16SbmbC19jVe9(One small tip, first come first serve, so if you want to be...
View ArticleClik here to view.
2020 ShmooCon Ticket
First person to send me an email to the email address at the end of this challenge will get a free ticket to ShmooCon 2020Update: Bug in ZipLooks like there is a bug in CyberChef...
View ArticleClik here to view.
Get Process List with Command Line Arguments
One of the most useful things when doing post exploitation on Linux is grabbing a full process list. One of the reasons this is useful is because it includes the arguments passed to these processes....
View ArticleClik here to view.
Compiling a DLL using MingGW
Compiling a Windows DLL has always been a pain for me. Getting Visual Studio working is frustrating (or at least used to be, before VS2019). I ran into this same issue recently. I didn't have Visual...
View ArticleClik here to view.
Run All Rules for Hashcat
This is just a quick script to demonstrate using PowerShell to run all the rules against a specific hash (or hash file), starting from the smallest file (usually the simplest rules)Set-Location -Path...
View ArticleClik here to view.
2020 Pandemic SIP Hiring List
One of the hard things about this pandemic is many people are either losing their jobs or having a hard time finding a new one in general. It was suggested that I make one of these during this time....
View ArticleClik here to view.
Let Me Out of Your Net - Egress Testing
Use-cases:IT Admin, Firewall Admin, or Security staff at a company and want to confirm what ports and protocols are allowed of your network.Pentester that intends to identify ports and protocols that...
View ArticleClik here to view.
The Four Phases of Offensive Security Teams
For brevity, I will be using the term “partner” to refer to the customer, Defensive Team, IT Team, or other direct consumers of the Offensive Team’s output.In my experience, offensive security teams,...
View ArticleClik here to view.
Run as SYSTEM using Evil-WinRM
This is a quick blog post on how to elevate to SYSTEM without the need for PSEXEC when you are using PowerShell, or more specifcially in this case, PowerShell Remoting (WinRM).First off, let me...
View ArticleClik here to view.
Family Mission Statement
I love this so much I wanted to keep it around. I googled to see if this was posted somewhere in text form but I couldn’t find it. Traditionally I haven’t been a fan of daily mantras, but I’m thinking...
View ArticleClik here to view.
2020 OSCP Contest
Last year I decided to give away 3 vouchers to PWK 60 days of labs. This was of my own free will and under no umbrella. I wanted to give back to the community and industry that provided a means to...
View ArticleClik here to view.
SolarFlare Release: Password Dumper for SolarWinds Orion
TL;DRHere are the concerns I have regarding the SolarWinds/FireEye breach:The accounts stored in an organization’s SolarWinds Orion may be underestimated. I recently did a pentest for a firm that had...
View ArticleClik here to view.
User Empowerment: Password Security
World Password Day (who knew that was a thing?) is upon us. It is the first Thursday of May every year, and that falls on May 6th this year.I’m not sure how to start this blog post, but the meat of...
View ArticleClik here to view.
Beautiful Basics - Series
Today I keynoted @BSidesVancouver. It was an honor to be asked and I had a great time.Conference Link: https://hopin.com/events/bsides-vancouver-2022/I talked about 11 lessons learned over my career...
View ArticleClik here to view.
Beautiful Basics: Lesson 1
Lessons LearnedSlidesLesson 1Lesson 2Lesson 3Lesson 4Lesson 5Lesson 6Lesson 7Lesson 8Lesson 9Lesson 10Lesson 11Lesson 1 - YOU could be “Legacy”Stop thinking that just because it did or didn’t work X...
View Article