Welcome

This site contains articles and posts I’ve written over the years on career and technical matters. You can also check out past presentations I’ve given at various hacker and cyber security conferences.

Malicious Word Documents with Cobalt Strike

 Posted on March 22, 2022  |  4 minutes  |  842 words  |  David Mitchell

Now that Microsoft is blocking macros for internet and externally sourced documents, I feel its safer to talk about some of the EDR evading Word macro techniques I have used in the past. Particularly for delivering Cobalt Strike beacons. Cactus Torch is a great tool as a starting point. It takes some basic concepts such as a encoding the CS payload in memory, starting a process and injecting the payload into memory. [Read More]
infosec  security 

OSCP: Try less harder

 Posted on May 3, 2019  |  6 minutes  |  1154 words  |  David Mitchell

A while ago I earned my OSCP certification. Before that I had my GPEN and Pentest+. The Pentest+ I obtained during the beta program for the certification since the test was only $50 and I figured there was not much harm in trying. I took it practically blind (no preparation), and found out I passed in August. Shortly after I was given the opportunity to take the SpectreOps Red Team Training and after that scheduled to take OSCP training. [Read More]
OSCP  infosec  security 

Pentest+

 Posted on August 3, 2018  |  2 minutes  |  259 words  |  David Mitchell

Back when CompTIA had a temporary beta program for the Pentest+, I took advantage of it, and the cheap cost of the test just to give it a shot. I didn’t study for it and kind of went in blind since no study materials existed and most of what was out there for it was pure speculation. It took a while to learn the results but I’m happy to report that I passed. [Read More]
pentest-plus  infosec  security 

Cutter - A GUI for radare2

 Posted on February 16, 2018  |  2 minutes  |  216 words  |  David Mitchell

I’ve recently been using radare2 for a bit of reverse engineering and have used it a little bit in the past for CTF competions. (Side note: scaleway.com is a great cloud/VPS service if you need an ARM based server/machine for a something like a CTF to analyze ARM binaries and do not have a Raspberry Pi, ODroid or similar ARM based computer handy.) I discovered Cutter recently, which has some instructions to compile it using cmake (also qmake but I had and used cmake). [Read More]
hacking  infosec  reverse engineering 

Docker and AWS certs

 Posted on November 28, 2017  |  1 minutes  |  149 words  |  David Mitchell

The last year I’ve been busy working quite a bit with AWS. I’ve gone so far as to get my certification as the Associate Level as an AWS Architect. I accomplished this earlier in the year as well as renewing my Puppet Certification just recently for 2017. I may also be getting Docker certified. Also related to AWS, I’ve recently discovered some infosec related resources on AWS from the offensive perspective. [Read More]
devops  aws  docker  containers 

New development editor

 Posted on June 9, 2017  |  2 minutes  |  229 words  |  David Mitchell

Atom.io was getting too bloated. So after much trial and error, and learning curve, I went hard into vim, and started using spacevim. In fact, I’m typing this up in spacevim right now with a live Markdown preview showing in a side browser window. The biggest challenge besides getting it working and all the dependencies, was to get the terminal colors and unicode characters to display properly. At work, I settled on a Terminator terminal over X11+SSH session to get the colors just right, even though setting xterm-256color (or color256 maybe) as your terminal type and also installing the powerline fonts. [Read More]
vim  puppet  devops 

Keto

 Posted on May 28, 2017  |  4 minutes  |  772 words  |  David Mitchell

So I can’t STFU about keto, so the below is what started as a sentence or two explanation of my experience of keto in response to something that turned into a blog post, so I decided to cut my comment short and post it here. I started the last week of January, I’ve gone from 268 to 233, and that’s falling off the wagon several times (sometimes intentionally for special meals/travel) and getting back on it. [Read More]
keto 

RedHat Summit 2017

 Posted on May 5, 2017  |  2 minutes  |  336 words  |  David Mitchell

Now I’m sitting on a plane, heading back to my family. I just got through with the RedHat Summit 2017 in Boston and I also visited some of my family while there. It was an intense 3-4 days. I generally love Boston, and also Cambridge across the river. While I was there, I took a visit over to the MIT Press Bookstore, and bought a few books, including Grokking algorithms which was a book that I already had on my wishlist, but wasn’t one I could find in the store anywhere else. [Read More]
devops  linux  open source  containers  cloud 

Teaching my Kids

 Posted on April 22, 2017  |  3 minutes  |  437 words  |  David Mitchell

I have only two kids at this point and for the foreseeable future. Both are fairly young, but one is getting old enough that I’m starting to think about teaching her some of the basic programming and STEM related subjects fairly early. She already is quite taken by Minecraft, and can navigate the computer pretty well even if she doesn’t yet know all the keys on the keyboard. She knows how to move and do things, etc. [Read More]
parenting 

Dealing with and exploiting Struts

 Posted on March 26, 2017  |  3 minutes  |  570 words  |  David Mitchell

I’m sitting on a plane waiting for my delayed flight to Boston listening to Adam Savage rant about Apple’s lack of ease of use (of which I totally agree). I figured it was the perfect time to finish this blog. Oh yeah, why am I on a plane? I’m heading to Red Hat Summit 2017. I might write about that later. In like a year or so. Yes, I back dated this if you realize the RH Summit is in May, but I’ve been meaning to write this post for over a month. [Read More]
infosec  security