So I decided to take Google’s new Cybersecurity Certification Program. I wanted to see what the content was like and with the promise of learning basic SQL and Python by going through this program I was intrigued. …

The folks at HackTheBox put on another fun/great event! One of my favorite solves from this event was the Forensic Interstellar C2 challenge. I really enjoyed the realistic-ish hunt via PCAP of a suspected PowerShell dropper and it’s encrypted traffic. …

DNS over HTTPS, Socks, and SSH — Tunneling DNS through SSH using socat or nc with named pipes is a finicky approach to a not-so-common problem. In my experience it can be incredibly unreliable when you need it most and constantly leads to hung requests which require process restarts. No wonder though; wrapping a connectionless protocol in…

Had a chance to meddle with HTB:HackTheBoo while it was live from October 23rd through the 27th. Plenty of fun and unique challenges despite most of the puzzles being rated “easy”. One of the challenges I found very interesting was the crypto_whole_lotta_candy challenge. The challenge revolved around decrypting a given…

TL,DR; During a recent engagement, we discovered a signature bypass for the F5 ASM Rule 200004181: Generic Server Side Code Injection. As we had come upon a Tomcat Manager instance, we discovered this bypass while attempting to upload a WAR file to the manager. …

Recently, I participated in the Hackazon Hacky Holidays: UnlockTheCity CTF (say that three times fast). …

This post is a write up of my method for solving the Location Analysis challenge during the 2022 Hacky Holidays: Unlock the City CTF. The challenge description reads: We noticed that the AI was breaking in to one of the systems in our research center. The system is used in…

Background on Lock Screen Bypass Exploits Android devices have had multiple CVE findings through the past few years which enable an individual to bypass the lock screen and obtain unauthorized access or escalation of privilege. For example, CVE-2015–3860 is a previously identified CVE that utilizes the emergency dialer and camera processes to stage a buffer overflow…

In the midst of conducting a research project on auditing passwords (which I hope to blog about later!), I had acquired numerous large password leaks. These leaks, however, sometimes were not just simple plain text passwords. They could contain hashes, hash type, count of hits in the source list, etc…