May 29, 2023

Python for Everyone! py4e Overview

If you work in any technical field, there is some level of programming knowledge required. Developers program code day in and day out, but even penetration testers, IT helpdesk, or SOC analysts benefit from automating mundane tasks to improve efficiency. If programing is a skill set that you want to improve, how best do you learn? Playing with redstone in minecraft will teach you about some basic logic. Youtube videos can show how to create basic discord bots to roll dice for your DND games.

April 1, 2023

Customizing a hackbook pro

To develop in cybersecurity, it is vastly important to keep a growth mindset. Always be learning. In order to allow that, it helps to have the right tools available. One important tool is a dedicated computer for hacking activities such as participating in training labs, testing tools, or learning new methodologies. I reset a Macbook Pro, keeping the intending macOS and installed VMware fusion for running virtual machines (VM) including Kali linux.

March 30, 2023

Wazuh - An open-source security platform

A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of it’s inner functionality for his own projects, but when I was reviewing it with him I was impressed by it’s feature set. First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.

March 19, 2023

Attending Bsides Harrisburg

Bsides Harrisburg was on March 11, 2023. This was the first conference for two attendees and below are their own stories. I hope this inspires you to check out a local conference or consider traveling for a Bsides event. Ron I am a Cloud Network Engineer, and part of my responsibility is to ensure the cloud environment I help manage is secure and follows recent cloud security best practices. Before working in the cloud, I was a route/switch guy.

March 18, 2023

Organizing Bsides Harrisburg

Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.

February 19, 2023

Intro to Cloudflare Zero Trust

Cloudflare offers some amazing, and free, products to secure personal use, self-hosted applications and devices. Last week, I set up a server at home running docker containers. By using Cloudflare I can securely make those docker containers internet accessible. Previously in order to do that, I’d have to open a port through my home router and accept any traffic from the internet on that port. This is visible and allows a home IP to appear in use to anyone who scans it.

February 18, 2023

Are Password Managers Safe to Use?

Note from hackerunder.dev: This post was copied from https://www.passwordmanager.com/are-password-managers-safe-to-use/ with permission to display on this site. Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use. Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own.

February 15, 2023

Building a docker server

This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expenive fast for passion projects or proof of concepts.

October 23, 2022

Introduction to Password Management

Every computer, social media platform, or online tool requries some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a hand written log of passwords is not the most insecure means of password management? Key requirements of credentials Lets start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.

October 23, 2022

Introduction to Phishing

In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, goverments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you. What is Phishing?