March 30, 2023

Wazuh - An open-source security platform

A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of it’s inner functionality for his own projects, but when I was reviewing it with him I was impressed by it’s feature set. First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.

March 30, 2023

Wazuh - An open-source security platform

A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of it’s inner functionality for his own projects, but when I was reviewing it with him I was impressed by it’s feature set. First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.

March 30, 2023

Wazuh - An open-source security platform

A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of it’s inner functionality for his own projects, but when I was reviewing it with him I was impressed by it’s feature set. First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.

March 30, 2023

Wazuh - An open-source security platform

A friend and mentor in the field introduced me to Wazuh. An open source, free to use tool for security. He was looking at the tool to understand some of it’s inner functionality for his own projects, but when I was reviewing it with him I was impressed by it’s feature set. First off, being open source means that Wazuh has source code published online that anyone can use, review, or extend.

March 18, 2023

Organizing Bsides Harrisburg

Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.

March 18, 2023

Organizing Bsides Harrisburg

Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.

October 17, 2022

Volunteering at GrrCON 2022

When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, it’s staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.

October 29, 2017

Volunteering at GrrCON 2017

GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”. The 2017 Difference GrrCON hasn’t changed much since I have started coming to it.

October 12, 2016

GrrCON 2016

October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.

October 16, 2015

Volunteering at GrrCON 2015!

Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really exited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time. Not only did I get to go to my first con, I got to volunteer at GrrCON!

March 18, 2023

Organizing Bsides Harrisburg

Bsides Harrisburg was on March 11, 2023. Our first post-covid Bsides conference in central Pennsylvania under new organizers. A small team of local security professionals gathered together to collect funding, invite speakers, and attract attendees. I was privileged to be one of the organizers and act as a treasurer, ensuring that we had the required funding to cover what we wanted to include. Here is my summary of planning the event and how I thought the event went.

February 19, 2023

Intro to Cloudflare Zero Trust

Cloudflare offers some amazing, and free, products to secure personal use, self-hosted applications and devices. Last week, I set up a server at home running docker containers. By using Cloudflare I can securely make those docker containers internet accessible. Previously in order to do that, I’d have to open a port through my home router and accept any traffic from the internet on that port. This is visible and allows a home IP to appear in use to anyone who scans it.

February 18, 2023

Are Password Managers Safe to Use?

Note from hackerunder.dev: This post was copied from https://www.passwordmanager.com/are-password-managers-safe-to-use/ with permission to display on this site. Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use. Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own.

February 18, 2023

Are Password Managers Safe to Use?

Note from hackerunder.dev: This post was copied from https://www.passwordmanager.com/are-password-managers-safe-to-use/ with permission to display on this site. Managing all of your passwords for different accounts can be surprisingly complicated. You need to be able to create, store, and access strong passwords for all of your accounts on every device you use. Furthermore, each password needs to be unique, making it nearly impossible to remember every one of them on your own.

October 23, 2022

Introduction to Password Management

Every computer, social media platform, or online tool requries some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a hand written log of passwords is not the most insecure means of password management? Key requirements of credentials Lets start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.

February 15, 2023

Building a docker server

This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expenive fast for passion projects or proof of concepts.

February 15, 2023

Building a docker server

This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expenive fast for passion projects or proof of concepts.

February 15, 2023

Building a docker server

This blog post is a record of what I did to spin up a home server that uses Docker for various side projects and fun. One of the pain points of having projects that involve computer applications, websites, or code is that it needs to be hosted somewhere to run. Our personal computers are not usually online for projects that could be running all the time. Creating physical servers or paying for cloud hosting can get expenive fast for passion projects or proof of concepts.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 8, 2022

Proving Grounds DC2 Writeup

DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist. Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.

April 5, 2022

Vulnhub DC1 Writeup

S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.

June 13, 2021

Proving Grounds My-CMSMS Writeup

Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier, are not permitted to have public walkthroughs posted. On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.

October 23, 2022

Introduction to Password Management

Every computer, social media platform, or online tool requries some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a hand written log of passwords is not the most insecure means of password management? Key requirements of credentials Lets start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.

October 23, 2022

Introduction to Phishing

In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, goverments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you. What is Phishing?

October 8, 2022

Welcome to Cybersecurity Awareness Month!

The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as a awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.

October 23, 2022

Introduction to Password Management

Every computer, social media platform, or online tool requries some level of authentication. This usually requires a username and password. Correctly managing these credentials can be a defining point in defending yourself from an online attacker. What if I told you that a hand written log of passwords is not the most insecure means of password management? Key requirements of credentials Lets start with the basics. A username is a value that is used to identify a user and a password is a secret that is used to verify a user is who they claim to be.

October 23, 2022

Introduction to Phishing

In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, goverments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you. What is Phishing?

October 8, 2022

Welcome to Cybersecurity Awareness Month!

The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as a awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.

October 23, 2022

Introduction to Phishing

In this post, we will review the basics of phishing as a part of cybersecurity month. Many organizations, goverments, and infosec companies prepare ways to inform the general public on how to prevent falling victim to these kinds of attacks. Hopefully by the end of this, you will know what phishing is and have a few things to review falling victim to criminals that may be targeting you. What is Phishing?

October 17, 2022

Volunteering at GrrCON 2022

When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, it’s staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.

October 29, 2017

Volunteering at GrrCON 2017

GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”. The 2017 Difference GrrCON hasn’t changed much since I have started coming to it.

October 12, 2016

GrrCON 2016

October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.

October 16, 2015

Volunteering at GrrCON 2015!

Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really exited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time. Not only did I get to go to my first con, I got to volunteer at GrrCON!

October 17, 2022

Volunteering at GrrCON 2022

When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, it’s staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.

January 13, 2020

Picat's Podcast: Episode 6

In this hour long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.

October 29, 2017

Volunteering at GrrCON 2017

GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”. The 2017 Difference GrrCON hasn’t changed much since I have started coming to it.

October 12, 2016

GrrCON 2016

October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.

October 16, 2015

Volunteering at GrrCON 2015!

Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really exited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time. Not only did I get to go to my first con, I got to volunteer at GrrCON!

October 17, 2022

Volunteering at GrrCON 2022

When I first joined the infosec community back in 2015, I was able to attend some local meetups but one of my highlights for the year was volunteering at GrrCON. GrrCON is a conference in Grand Rapids, MI where the local airport abbreviation is GRR. This conference, it’s staff, speakers, and environment shaped me to be the hacker I am today. In October, I returned for another chance to help out and give back to the community that has given me so much.

October 29, 2017

Volunteering at GrrCON 2017

GrrCON 2017, the seventh year and my third time attending. I volunteered again this year because it is a lot more involved than being a regular attendee. I’ve been to other conferences where volunteering burns you out. GrrCON is the only con where I could be in the middle of one job and ask “What more can I do to help?”. The 2017 Difference GrrCON hasn’t changed much since I have started coming to it.

October 12, 2016

GrrCON 2016

October 6th & 7th was GrrCON. For those that don’t know, it is a security conference in Grand Rapids, Michigan. 2015 was the first year I started going to conferences and GrrCON was my first. That year I volunteered because it’s really hard for poor students to pay their way for the fun stuff. This year, I have a job that actually pays for me to go and learn about security.

October 16, 2015

Volunteering at GrrCON 2015!

Who’s been to a Security Conference before? I’m finally able to include myself in that group and I’m really exited about that. A conference is all about meeting others in infosec, learning a lot from talks and workshops, trying your hand at capture the flags (CTFs) or lock picking, networking and most importantly having a great time. Not only did I get to go to my first con, I got to volunteer at GrrCON!

October 8, 2022

Welcome to Cybersecurity Awareness Month!

The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as a awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 4, 2020

HackTheBox Remote Writeup

Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell. Lessons learned: Mounting a public windows share Exploit modifications – changing python code for a web exploit DLL Hijacking for privilege escalation Information gathering An initial nmap scan reveals some listening services.

May 3, 2020

HackTheBox Traceback Write-up

Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation. Lessons Learned Open Source INTelligence (OSINT) refresher with Google and Github PHP web shell alternatives to php-reverse-shell.

October 8, 2022

Welcome to Cybersecurity Awareness Month!

The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as a awareness champion to promote four topics with my readers. On top of that I will be reposting related threads on Twitter and sharing about additional opportunities that could benefit you.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 8, 2022

Proving Grounds DC2 Writeup

DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist. Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.

April 5, 2022

Vulnhub DC1 Writeup

S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.

June 13, 2021

Proving Grounds My-CMSMS Writeup

Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier, are not permitted to have public walkthroughs posted. On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.

August 23, 2022

Rebuilding my home server

A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembers to update the machine. This blog post will serve as a record of what I did to setup the machine again after wiping it. Services I installed included ufw ssh ftp Minecraft Samba fileshare While attempting to install samba on the old system, apt update failed.

April 30, 2020

Starting a Minecraft server

I’ve had a love hate relationship with Minecraft since I bought the beta when I was in highschool 2011. Throughout the years I’ve played countless local games, and joined others online in public servers. Over the last decade, I cycled through playing, getting mad at myself for not being productive, and taking a break. Lately I’ve been watching Hermitcraft more than playing or working combined. To convince myself I was being productive, I told myself starting a Minecraft server to play with friends and family would be a worthwhile systems administration and security project.

August 23, 2022

Rebuilding my home server

A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembers to update the machine. This blog post will serve as a record of what I did to setup the machine again after wiping it. Services I installed included ufw ssh ftp Minecraft Samba fileshare While attempting to install samba on the old system, apt update failed.

August 23, 2022

Rebuilding my home server

A long time ago, I built a computer and have since sparsely used it as a home server. The last time I reinstalled an operating system on it, I installed Ubuntu Desktop Eoan and never remembers to update the machine. This blog post will serve as a record of what I did to setup the machine again after wiping it. Services I installed included ufw ssh ftp Minecraft Samba fileshare While attempting to install samba on the old system, apt update failed.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 8, 2022

Proving Grounds DC2 Writeup

DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist. Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.

June 13, 2021

Proving Grounds My-CMSMS Writeup

Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier, are not permitted to have public walkthroughs posted. On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 8, 2022

Proving Grounds DC2 Writeup

DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist. Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.

June 13, 2021

Proving Grounds My-CMSMS Writeup

Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier, are not permitted to have public walkthroughs posted. On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.

April 29, 2022

Proving Grounds DC4 Writeup

DC-4 is the fourth machine in the DC series on Vulnhub and the third available in OffSec’s Proving Grounds Play. S1ren did a live stream on twitch.tv explaining this machine and the recording is on YouTube. If you are looking for DC3, I will be uploading a post later. Currently I host my target on VMware machines and DC3 was not working well. I plan on switching to virtualbox with a different computer soon.

April 8, 2022

Proving Grounds DC2 Writeup

DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist. Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.

April 5, 2022

Vulnhub DC1 Writeup

S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.

June 13, 2021

Proving Grounds My-CMSMS Writeup

Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier, are not permitted to have public walkthroughs posted. On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.

April 8, 2022

Proving Grounds DC2 Writeup

DC-2 is the second machine in the DC series on Vulnhub. In my DC-1 writeup I mentioned S1ren’s walkthrough streams on Twitch.tv and how the videos are recorded on Youtube. S1ren’s DC-2 walkthrough is in the same playlist. Something new as of creating this writeup is that Offensive Security is now offering some of the DC machines on the Proving Grounds. The Proving Grounds offers a free option for anyone to sign up and get 3 hours per day of access to any machine in their “Play” tier.

April 5, 2022

Vulnhub DC1 Writeup

S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.

April 5, 2022

Vulnhub DC1 Writeup

S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.

April 5, 2022

Vulnhub DC1 Writeup

S1ren from Offensive Security has taken on the task of regularly streaming Vulnhub machines on Twitch.tv at OffSecOfficial. She is hacking one machine a week from Vulnhub and bringing her viewers along for an interactive experience. Viewers can comment during the stream to suggest things to enumerate, exploit, or take note of as well as ask any questions. I’ve started to attempt the machines each week and record notes as I go.

June 13, 2021

Proving Grounds My-CMSMS Writeup

Full disclosure: I am an Offensive Security employee. This My-CMSMS walkthrough is a summary of what I did and learned. Friends from #misec and I completed this challenge together. No company restricted resources were used. Creating walkthroughs for Proving Grounds (PG) Play machines is allowed for anyone to publish. However, PG Practice machines from the paid tier, are not permitted to have public walkthroughs posted. On June 11th, @InfosecAli and I signed into Proving Grounds and booted up an intermediate PG play machine called My-CMSMS.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 4, 2020

HackTheBox Remote Writeup

Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell. Lessons learned: Mounting a public windows share Exploit modifications – changing python code for a web exploit DLL Hijacking for privilege escalation Information gathering An initial nmap scan reveals some listening services.

May 3, 2020

HackTheBox Traceback Write-up

Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation. Lessons Learned Open Source INTelligence (OSINT) refresher with Google and Github PHP web shell alternatives to php-reverse-shell.

February 26, 2020

What is Updog?

Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.

January 13, 2020

Picat's Podcast: Episode 6

In this hour long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 9, 2020

HackTheBox Sauna Writeup

Sauna is another “easy” Windows machine on HackTheBox. However I definitely fell down my fair share of rabbit holes on this one. There’s a static website hosted here, so I thought it’d start with a web shell. However, this box turned out to to be entire about domains and LDAP. Which I have very little experience with to date. While this blog may sound like a straight path, it’s well edited to be stream lined.

July 4, 2020

HackTheBox Remote Writeup

Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell. Lessons learned: Mounting a public windows share Exploit modifications – changing python code for a web exploit DLL Hijacking for privilege escalation Information gathering An initial nmap scan reveals some listening services.

July 4, 2020

HackTheBox Remote Writeup

Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell. Lessons learned: Mounting a public windows share Exploit modifications – changing python code for a web exploit DLL Hijacking for privilege escalation Information gathering An initial nmap scan reveals some listening services.

May 3, 2020

HackTheBox Traceback Write-up

Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation. Lessons Learned Open Source INTelligence (OSINT) refresher with Google and Github PHP web shell alternatives to php-reverse-shell.

May 3, 2020

HackTheBox Traceback Write-up

Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation. Lessons Learned Open Source INTelligence (OSINT) refresher with Google and Github PHP web shell alternatives to php-reverse-shell.

April 30, 2020

Starting a Minecraft server

I’ve had a love hate relationship with Minecraft since I bought the beta when I was in highschool 2011. Throughout the years I’ve played countless local games, and joined others online in public servers. Over the last decade, I cycled through playing, getting mad at myself for not being productive, and taking a break. Lately I’ve been watching Hermitcraft more than playing or working combined. To convince myself I was being productive, I told myself starting a Minecraft server to play with friends and family would be a worthwhile systems administration and security project.

February 26, 2020

What is Updog?

Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.

February 26, 2020

What is Updog?

Friends among my various hacker spaces have shared links to a new tool called Updog created by Sc0tfree. A python3 implementation of an HTTP server that is intended to replace Python2’s SimpleHTTPServer module. I had to test it out myself and these are my opinions. In many hacker training courses, it is vital to be able to host your tools on a web server to download them onto target machines. One example would be to download a network scanning tool once you’ve gained a shell on the first machine of a target network.

January 13, 2020

Picat's Podcast: Episode 6

In this hour long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.

January 13, 2020

Picat's Podcast: Episode 6

In this hour long podcast episode, I reviewed a lot of what I’ve done and what my current projects are. For this year, my goals are to get the OSCP and find a position at Offensive Security that is in the information security realm instead of development. Apart from studying, I’m also trying to help the Kali team with getting official cloud versions available on AWS and Azure with each new Kali release.

January 4, 2020

2019 in review

Another year, maybe decade, has come and gone and it’s time for me to review 2019. I realize I have not blogged consistently and that’s due to a couple different reasons. Work is busy, I burned out while studying, and there are some personal changes in my life. All that said, not much has changed my priorities. I still want to learn to be a better hacker and to give back to the community that gave me so much.

January 4, 2020

2019 in review

Another year, maybe decade, has come and gone and it’s time for me to review 2019. I realize I have not blogged consistently and that’s due to a couple different reasons. Work is busy, I burned out while studying, and there are some personal changes in my life. All that said, not much has changed my priorities. I still want to learn to be a better hacker and to give back to the community that gave me so much.

March 16, 2019

Replacing a forgotten WordPress password

What is the best part of creating a new blog? You create everything, move content, and then get back to the daily grind. Come back to write the next post and, wait, what did I set as the WordPress password? Looks like we’re going to have to overwrite the hash in the database. <pre class="wp-block-code">``` mysql> SELECT ID, user_login, user_pass FROM wp_users; +----+------------+------------------------------------+ | ID | user_login | user_pass | +----+------------+------------------------------------+ | 1 | admin | $P$BThiRip7s2lXh/PBVW7yFnKbQWvDtc0 | +----+------------+------------------------------------+ Here’s the problem though, we need to know how WordPress hash passwords in version 5.

March 16, 2019

Replacing a forgotten WordPress password

What is the best part of creating a new blog? You create everything, move content, and then get back to the daily grind. Come back to write the next post and, wait, what did I set as the WordPress password? Looks like we’re going to have to overwrite the hash in the database. <pre class="wp-block-code">``` mysql> SELECT ID, user_login, user_pass FROM wp_users; +----+------------+------------------------------------+ | ID | user_login | user_pass | +----+------------+------------------------------------+ | 1 | admin | $P$BThiRip7s2lXh/PBVW7yFnKbQWvDtc0 | +----+------------+------------------------------------+ Here’s the problem though, we need to know how WordPress hash passwords in version 5.

November 15, 2017

Online Brute Forcing 101

A good friend once mentioned how cool it’d be to practice brute forcing for a website login. I created a simple web page with a login form. Incorrect logins display a red error message while successful logins show the rest of the web page. There’s no database or complex code behind the webpage. It simply hashes the user input and compares it to a stored value. Before we continue, I must make it blatantly obvious that hacking any online service without consent could land you in a lot of trouble.

September 2, 2017

PHP Regex tutorial

Have you ever wondered how web applications do validation on forms? How does the app know when your input is really an email address? In most PHP applications, this is done using regular expressions (Regex). I’ve previously posted about how to defend against XSS and SQL injection. Checking strings with a white list of allowed characters is one of the easiest changes a developer can make. Regex makes this easy in most programming languages.

August 27, 2017

Do not waste your time with HPKP

This is my last post related to HTTP Public Key Pinning (HPKP). This is a post in response to Scott Helme’s latest post about him giving up on HPKP and how my blog is a perfect example of his concerns. In the past I’ve written three articles about the HPKP header: Testing HPKP headers Adding HPKP headers HPKP.. Public Key Pinning? The point of each of these articles are pretty well summed up in their titles.

April 22, 2016

Testing HPKP Headers

Over the last two weeks, I’ve posting a lot about HTTP Public Key Pinning. This will be my last post about it, I want to focus on testing HPKP. If you don’t know what HPKP is, read the first post. To learn how to add those headers, read the second post. I’ve had to spend a lot of time trying to figure out how to properly test these headers. In theory, this is how it should work.

April 15, 2016

Adding a HPKP Header

Before we try to add a HPKP header, let’s review from last week. I made a post about what HTTP public key pinning is. It’s a fingerprint that browsers use to compare certificates can warn the user if the certificate is from a different source, even if it’s trusted or from the same server. If that doesn’t make sense, check out the link to the previous post. Public-Key-Pins A Public-Key-Pins header looks like this:

May 25, 2017

Breaking My Blog with WPscan

One of the tools offered by default in Kali and many other hacking related distros is WPscan, a black box WordPress vulnerability scanner. I wanted to learn how to use this tool because it would help with recon on CTF challenges, practice boxes from vulnhub, and even trying to keep my own blog vulnerability free. Disclaimer Before I tell you more about the tool and how it can be used, I have to throw out the usual disclaimer.

December 1, 2016

Setting up Slack for MiSec

Some time last year, I wrote a post about setting up an IRC client on my VM. The idea was that since it’s always online, I’d always have the chat history for the #misec IRC channel. That way I’d never miss a mention or interesting conversation. Since then, a lot has changed and I don’t connect to that machine as much as I used to. I had to restart it a few times so the “always online” theory quickly fizzled out as well.

July 29, 2015

Found a group, sticking with it.

GrrCon 2015 is in October, it’ll be a great conference with a lot of talks. It’s the first con I’ll be able to attend. The tickets are a little expensive and I was unsure about going since this would be my first conference… Not to mention I’m still trying to get through college and I’m tight on money. So of course, I’m volunteering! I’ll be working my butt off to get you the best Con possible while making all the connections I can.

December 1, 2016

Setting up Slack for MiSec

Some time last year, I wrote a post about setting up an IRC client on my VM. The idea was that since it’s always online, I’d always have the chat history for the #misec IRC channel. That way I’d never miss a mention or interesting conversation. Since then, a lot has changed and I don’t connect to that machine as much as I used to. I had to restart it a few times so the “always online” theory quickly fizzled out as well.

May 19, 2016

OverTheWire: Leviathan

Hello everyone, thanks for looking at my last post about OverTheWire: Bandit. Since my traffic is about x10 my average consistently for the last four days, I wanted to write a follow up post about the next wargame offered by OverTheWire, Leviathan. All over the exercises, they say to not post walkthroughs or writeups, so I won’t. I will do my best to promote the project without giving away the important stuff.

May 15, 2016

OverTheWire: Bandit

Hey everyone, this post about Bandit is NOT a walkthrough of the greatest (only) “learn bash hacking” programs I’ve completed. This is NOT going to give you an advantage if you’re looking for cheat codes. This post will hopefully make you click on OverTheWire and want to try it out for yourself. Why you should try Bandit Do you work with Linux, bash shells, scripts, or ever have to deal with the command line?

December 7, 2015

Exploiting BWA (Broken Web App)

Two posts ago, I wrote a quick post about installing OWASP’s Broken Web App. This post will be about exploiting the BWA and by that I mean I’m sharing my experience following existing proof of concepts and walkthroughs. For example, reported vulnerabilities from sourceforge and video walkthroughs on irongeek.com. This post assumes you have the OWASP BWA virtual machine up and running and that your target VM’s IP address is mapped to owaspbwa.

November 25, 2015

Installing BWA (Broken Web App)

OWASP Broken Web App (BWA) is a safe place to practice some fun stuff and is basically a collection of applications to test everything security related. OWASP has a few projects like Web Goat, Security Shepherd, and more. Broken Web Apps is a collection of these guides and some outdated apps to test your developing skills. Install All The Things! In order to set things up, it’s important to have everything you need installed.

February 27, 2015

Step 5: Practice, Practice, Practice

Ok, lets review, we know our basics. We know how to use a computer, we know how to write code, we know what unix systems like Linux are, and we know how to use Unix tools like those provided in Kali. Wait, I still can’t get into my friends Facebook account, what are we really learning anyways? Well giant corporations like Google or Facebook are hard to hack, especially for people new to hacking like us.

September 16, 2015

Duo Security's 2FA

I hope you’ve been enjoying my posts. I know that writing these posts have been a good outlet for all I have learned over the last few years. This website is hosted on a VM, but it’s still a server that’s vulnerable to your every day hacks. For instance, every day someone pings my server, finds the SSH port and attempts to brute force into it. Now while there’s nothing here for them to steal, there’s still 20GB of free internet storage for whatever they want and the only thing stopping that brute force attack is that they can’t guess my password.