Hacker Under Dev

Posts

May 15, 2016

OverTheWire: Bandit

Hey everyone, this post about Bandit is NOT a walkthrough of the greatest (only) “learn bash hacking” programs I’ve completed. This is NOT going to give you an advantage if you’re looking for cheat codes. This post will hopefully make you click on OverTheWire and want to try it out for yourself.

Why you should try Bandit

Do you work with Linux, bash shells, scripts, or ever have to deal with the command line?
April 22, 2016

Testing HPKP Headers

Over the last two weeks, I’ve been posting a lot about HTTP Public Key Pinning. This will be my last post about it; I want to focus on testing HPKP. If you don’t know what HPKP is, read the first post. To learn how to add those headers, read the second post. I’ve had to spend a lot of time trying to figure out how to properly test these headers. In theory, this is how it should work.
April 15, 2016

Adding a HPKP Header

Before we try to add a HPKP header, let’s review from last week. I made a post about what HTTP public key pinning is. It’s a fingerprint that browsers use to compare certificates so they can warn the user if the certificate is from a different source, even if it’s trusted or from the same server. If that doesn’t make sense, check out the link to the previous post.

Public-Key-Pins

A Public-Key-Pins header looks like this:
April 12, 2016

Rebuilding the 3D printer

A long, long time ago, I wrote a blog post about trying to assemble a new Folger Tech 3D printer. Long story short, I was given a bad Arduino board that started to smoke as soon as it was plugged in. I spent weeks trying to get help from Folger to check my wiring, because to the best of my knowledge I had followed their instructions and I didn’t know what was wrong.
April 8, 2016

HPKP.. Public Key Pinning?

On a project I’m involved with, a scanner has picked up a low issue where the HTTPS is missing HTTP Public Key Pins (HPKPs). If you’re like me, you’re probably thinking, what the heck is HPKP? Well, I did a little bit of research and got it working on my personal website. I’ll share my struggles below so you don’t have to follow my footsteps.

The Theory

Our browser stores a list of places that are accepted TLS/SSL certificate providers.
March 7, 2016

Social engineering a hackathon

When a lot of people hear about hacking, they imagine a guy in a hoodie at a computer late at night. That’s not always the case; social engineering is a big part of the picture. This last weekend I went to BSides Indy, and the keynote was about communicating with management about security. He gave a few examples about breaking into some of the most secure places… because of human error.
February 10, 2016

TLS Lightning Talk

Hi everyone, last night I gave a lightning talk at Misec Jackson. It was a quick 15-minute summary of my last blog post on TLS. I summed everything up into 12 slides and threw in some last-minute images to make it look better than just bullet points on bullet points.

Other lightning talks from the night

I wasn’t the only talk that night; there was a talk on IPv6 that was pretty insightful.
February 3, 2016

VTech Kid Connect Data Breach

On November 14, 2015, VTech discovered a hacker had broken into their databases, servers, and websites. The hacker used SQL injection to gain complete access to the databases that held all of the data used by the Kid Connect application that VTech uses. A friend of mine wrote up an awesome case study about the breach and you can read it here: StephenManz_KidConnectHack.

My two cents on the VTech breach (Not a TL;DR of the case study, just what I took away)
January 23, 2016

COGSS 2.0

In July of 2015, I volunteered to create a web app to score college gymnastics. There’s an old blog post from my original COGSS project. COGSS 2.0 is going to be a place to submit scores and have rankings for a meet. Sounds simple, right? Turns out it is not; this project feels like it is turning into a full-blown application which ideally would require a dev team… Instead there is me!
January 20, 2016

TLS: What is it and why it matters

In my normal fashion, I’m going to start this blog post with a little intro to cover my butt. Recently at work, I’ve been tasked with learning about Transport Layer Security or TLS. This blog post is my own thoughts and is not 100% accurate, but I hope you get the idea as well as I do.

What is TLS?

Well, as I said above, TLS is Transport Layer Security. It’s the encryption used by clients and servers to encrypt messages sent between the two.
© Hacker Under Dev 2025