-
Zero Downtime API Shared Secret Rotation
A demonstration of how an API could rotate its shared secret with zero downtime
-
Lets Build A CI Pipeline Threat Model
Let's build a threat model of a CI pipeline for fun
-
Switching to Windows Part 1
Taking the plunge on a Windows-based laptop after years using OS X and Linux-based devices
-
Build A Web Site/App Quick and Cheap!
Cheapest and fastest ways to get your project online
-
Amazon ECR Image Scanning Gotchas
Things you should know about the "vulnerabilities" ECR image scan results report
-
Practical Malware Analysis: Lab 3-3
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 3-3 malware.
-
Practical Malware Analysis: Lab 3-2
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 3-2 malware.
-
Practical Malware Analysis: Lab 3-1
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 3-1 malware.
-
Kankun Smart Plug Network Decryption
In the first blog post about the Kankun smartplug, the Android application was decompiled and the AES-256 bit encryption key was found. In this blog post, the network traffic between the mobile app and smartphone will be captured, the network traffic will be decrypted utilizing a script from Payatu and the encryption key found previously, and the Kankun Smartplug will be controlled via the Kankun Controller Script from 0x00string
-
Practical Malware Analysis: Lab 1-4
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-4 malware.
-
Practical Malware Analysis: Lab 1-3
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-3 malware.
-
Practical Malware Analysis: Lab 1-2
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-2 malware.
-
Practical Malware Analysis: Lab 1-1
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-1 malware.
-
Kankun Smart Plug Analysis
During the Offensive Internet Of Things course, the Kankun Smart Plug is analyzed in various ways including: using Jadx to decompile and analyze the mobile app, acquiring and analyzing the device's firmware, and analyzing the network traffic.
-
Asus RT-N15U Firmware Analysis
For the next firmware analysis task of the Offensive Internet Of Things Exploitation final project, I decided to analyze the Asus RT-N15U firmware version 3.0.0.4.376.3754. The following is the process I used to backdoor, emulate, and analyze this firmware as well as any security issues I could find.
-
TP-Link TL-WR810N Firmware Analysis
For one of the projects for the Offensive Internet Of Things Exploitation final exam I decided to try to analyze the firmware for the TP-Link TL-WR810N
-
Nand Glitching Wink Hub For Root
During the Offensive Internet Of Things Exploitation course the instructor demonstrates a technique called a "NAND Glitch" on a Wink Connected Home Hub IoT device. This technique allows a root shell to be acquired on a device which normally does not provide console access. This post outlines the process I used to replicate the NAND Glitch as well as discusses some of the "gotchas" that I encountered along the way.
-
Mounting Virtualbox Shared Folder in Manjaro Guest
Every time I set up a Linux VM in Virtualbox and attempt to get shared folders working, I always run into issues. I decided to create a blog post to save myself the trouble of Googling so that I have the information in one place. In the various distros I have encountered issues with, Manjaro being the most recent, the issues have seemed to have been addressed by three things.
-
Haskell YAML Config
A quick example of reading a yaml config file in Haskell.
-
Haskell TCP Fuzzer
An example TCP fuzzer written in Haskell
-
Linux Daemon
How to write a Linux daemon.
-
Opcode Script
Opcodes from Assembly Instructions
-
SLAE Problem 7: Create a Custom Crypter
SLAE Problem 7: Create a Custom Crypter
-
SLAE Problem 6: Shell-Storm.com Shellcode Analysis and Polymorphic Modification
SLAE Problem 6: Shell-Storm.com Shellcode Analysis and Polymorphic Modification
-
SLAE Problem 5.3: Msfvenom Analysis of linux/x86/exec
Analysis of Msfvenom shellcode: linux/x86/exec

