January 22, 2017

How I got to Shmoocon2017

Shmoocon is a hacker conference in Washington DC. I’ve been interested in going since 2015 but this is the first year I’ve been able to make it out. The conference was really hard to get into. Not because it’s expensive or that it’s hard to get to DC, but because the process to get my ticket was a unique challenge in itself. It required me to rely on good friends, new skills, and a whole lot of luck.

January 1, 2017

2016 in review

2016 has been a crazy year, and I’m not talking about celebrities, politics or world news. A lot of security related things have happened for me personally. I wanted to base this post chronologically on what I’ve done. One of the first screenshots from 2016 is a constant reminder for me. What’s the first rule of infosec? Troll first, work later. I’ve come to realize that Twitter is the diving platform everyone needs.

December 1, 2016

Setting up Slack for MiSec

Some time last year, I wrote a post about setting up an IRC client on my VM. The idea was that since it’s always online, I’d always have the chat history for the #misec IRC channel. That way I’d never miss a mention or interesting conversation. Since then, a lot has changed and I don’t connect to that machine as much as I used to. I had to restart it a few times so the “always online” theory quickly fizzled out as well.

October 12, 2016

GrrCON 2016

October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.

August 14, 2016

My first hacker summer camp

April 26th was when I booked my flights to and from Las Vegas for hacker summer camp. I had no idea what was in store for me. The plan was to attend some conferences with Amanda Berlin, who had offered to to let me stay with her. Originally I did not plan to go at all. Although after discussing with her, I really only had one option left. I was walking into one of the best hacker experiences I’ve had to date.

June 12, 2016

First SecOps Job at Circle City Con 2016

Hey guys, I know it’s been a while since I posted. Thank you for coming back to read more. I hope you find these interesting. This post is a follow up of my SecOps experience at Circle City Con. I learned a lot and am looking forward to doing it again. The Conference Circle City Con is a annual security conference in Indianapolis. This year’s theme was Game of Pwns. The theme added a fun aspect to the usual conference atmosphere.

May 21, 2016

Path to the dark side

On Saturday, May 21st. The first career panel in #Misec history was held. Put on by the brave @chaoticflaws, @vajkat, and @ZenM0de, it was highly successful. The panel included @jwgoerlich, @jeremynielson, @jim_beechy, @D0Xt0rZ3r0, and a infosec recruiter from @TEKsystems (Sorry, I didn’t get his contact info). It was five glorious hours of Q/A related to getting a head start in infosec and what really matters in the field. Here’s a recap of what was discussed from the panel.

May 19, 2016

OverTheWire: Leviathan

Hello everyone, thanks for looking at my last post about OverTheWire: Bandit. Since my traffic is about x10 my average consistently for the last four days, I wanted to write a follow up post about the next wargame offered by OverTheWire, Leviathan. All over the exercises, they say to not post walkthroughs or writeups, so I won’t. I will do my best to promote the project without giving away the important stuff.

May 15, 2016

OverTheWire: Bandit

Hey everyone, this post about Bandit is NOT a walkthrough of the greatest (only) “learn bash hacking” programs I’ve completed. This is NOT going to give you an advantage if you’re looking for cheat codes. This post will hopefully make you click on OverTheWire and want to try it out for yourself. Why you should try Bandit Do you work with Linux, bash shells, scripts, or ever have to deal with the command line?

April 22, 2016

Testing HPKP Headers

Over the last two weeks, I’ve posting a lot about HTTP Public Key Pinning. This will be my last post about it, I want to focus on testing HPKP. If you don’t know what HPKP is, read the first post. To learn how to add those headers, read the second post. I’ve had to spend a lot of time trying to figure out how to properly test these headers. In theory, this is how it should work.