Welcome
This site contains articles and posts I’ve written over the years on career and technical matters. You can also check out past presentations I’ve given at various hacker and cyber security conferences.
Machine Learning Everyone is into LLMs right now, ~48 billion of investment went into AI/ML in 2023 alone because of the hype surrounding ChatGPT and similar products. Even more investment going into it this year if the first quarter is any indication. AI/ML is important, even if you’re tired of the snake oil you were sold in the past on ML/AI and were tired of hearing about it before the hype cycle hit, if you’re in the security space at all, you should care because your business or customers care and they’re using it, spending large amounts of money on it and its directly touching your most valuable data (because that’s what the business is training them on).
[Read More]
Initial access and persistence through containers
This post is to follow up some of the technical details for the talk I gave at the 2024 Red Team Summit. The talk itself covered the use of container registries and infiltration through CI/CD pipelines as a means of initial access and persistence. This post will cover some of the technical details and examples that I used in the talk.
The first thing to discuss is gaining initial access to a container registry.
[Read More]
SDLC Testing
CI/CD pipelines exist in just about every company that does some kind of development. Some companies have more mature pipelines than others, but the rule still holds. Most companies with in house development have a Jenkins instance or some similar build orchestration software, code repositories, path to deployment, etc. Depending on your background you may be familiar with these environments to varying degrees. I started out doing somethin between running application servers and devops, maintaining deployment pipelines and helping developers troubleshoot issues.
[Read More]
Malicious Word Documents with Cobalt Strike
Now that Microsoft is blocking macros for internet and externally sourced documents, I feel its safer to talk about some of the EDR evading Word macro techniques I have used in the past. Particularly for delivering Cobalt Strike beacons.
Cactus Torch is a great tool as a starting point. It takes some basic concepts such as a encoding the CS payload in memory, starting a process and injecting the payload into memory.
[Read More]
OSCP: Try less harder
A while ago I earned my OSCP certification. Before that I had my GPEN and Pentest+. The Pentest+ I obtained during the beta program for the certification since the test was only $50 and I figured there was not much harm in trying. I took it practically blind (no preparation), and found out I passed in August. Shortly after I was given the opportunity to take the SpectreOps Red Team Training and after that scheduled to take OSCP training.
[Read More]
Pentest+
Back when CompTIA had a temporary beta program for the Pentest+, I took advantage of it, and the cheap cost of the test just to give it a shot. I didn’t study for it and kind of went in blind since no study materials existed and most of what was out there for it was pure speculation. It took a while to learn the results but I’m happy to report that I passed.
[Read More]
Cutter - A GUI for radare2
I’ve recently been using radare2 for a bit of reverse engineering and have used it a little bit in the past for CTF competions. (Side note: scaleway.com is a great cloud/VPS service if you need an ARM based server/machine for a something like a CTF to analyze ARM binaries and do not have a Raspberry Pi, ODroid or similar ARM based computer handy.)
I discovered Cutter recently, which has some instructions to compile it using cmake (also qmake but I had and used cmake).
[Read More]
Docker and AWS certs
The last year I’ve been busy working quite a bit with AWS. I’ve gone so far as to get my certification as the Associate Level as an AWS Architect. I accomplished this earlier in the year as well as renewing my Puppet Certification just recently for 2017. I may also be getting Docker certified.
Also related to AWS, I’ve recently discovered some infosec related resources on AWS from the offensive perspective.
[Read More]
New development editor
Atom.io was getting too bloated. So after much trial and error, and learning curve, I went hard into vim, and started using spacevim. In fact, I’m typing this up in spacevim right now with a live Markdown preview showing in a side browser window.
The biggest challenge besides getting it working and all the dependencies, was to get the terminal colors and unicode characters to display properly. At work, I settled on a Terminator terminal over X11+SSH session to get the colors just right, even though setting xterm-256color (or color256 maybe) as your terminal type and also installing the powerline fonts.
[Read More]
Keto
So I can’t STFU about keto, so the below is what started as a sentence or two explanation of my experience of keto in response to something that turned into a blog post, so I decided to cut my comment short and post it here.
I started the last week of January, I’ve gone from 268 to 233, and that’s falling off the wagon several times (sometimes intentionally for special meals/travel) and getting back on it.
[Read More]