Welcome

This site contains articles and posts I’ve written over the years on career and technical matters. You can also check out past presentations I’ve given at various hacker and cyber security conferences.

Python for fun and profit

I have been honing my Python skills on a couple of projects recently. One is the famous (or infamous) Python Challenge which has been interesting, but its not where I have spent the bulk of my time. The other is some work related scripting in jython for Websphere automating some tasks for developers (pausing and resuming activation specifications) in their test environment. But was has challenged me the most and captured the majority of my attention is the Matasano Crypto Challenge. [Read More]

Metasploitation

So I’ve been using some of my spare time to experiment with and learn how to use Metasploit. I’ve been familiar with Metasploit for a while now, so this isn’t really about learning something new so much as it is finally getting familiar with a tool that I’ve messed with only a little in the past. Part of this is because I have no programming projects to occupy myself with since I have a real problem finding an interesting problem or project that I can code a solution for. [Read More]

Message engines & Service Integration Buses

One of the components that I deal with in my work with WebSphere that seems nebulous to some conceptually, is the service integration bus and it’s corresponding message engine. Especially when you’re first beginning to learn about WebSphere and JMS. This concept is not unique to WebSphere and similar implementations can be found in JBoss, but my experience with it rests mostly with WebSphere. A service integration bus lets applications exchange messages between each other within a cell. [Read More]

Fierce

I’ve been learning a little bit about security and penetration testing in my spare time. I have some friends who are professionals in the industry and I have an interest in it myself so when they mention a tool I like to take a look at what it does and learn a little bit about it. Fierce is a domain scanning tool, what that means is it scans an organization’s domains for listed hosts. [Read More]

CarolinaCon 9

CarolinaCon 9 was this weekend in Raleigh, NC which I attended Saturday. I was also there as a representative of FALE to help host their lock pick village. There were several talks given by some of the FALE members, one titled “Terminal Cornucopia” by treefort was on how ineffective TSA security theater is at preventing weapons from making it onto an airplane. There was a demonstration of a club called “Murica” made with items purchased in the terminal behind TSA security checkpoints consisting of a copy of the Declaration of Independence, with a pointy metal souvenir model of the Washington monument protruding from it. [Read More]

Java EE and Android

In the last year I’ve been picking up more and more Java, I did this for two reasons. The most personal one is that I wanted to learn how to write Android programs. First, because I own an Android phone, second, the mobile platform is a platform where a small individual developer can write useful apps and there obviously is demand and a future for such skills on the market as well. [Read More]

PyDev and wsadmin unite

Those of us that use WebSphere Application Server in our environments as our J2EE application server have a very powerful tool to administrate or automate tasks from the command line, wsadmin. wsadmin is a command line utility that allows you to issue commands in a single server or network deployment (multiple servers in a single administrative domain or “cell”). If you are reading this you probably know all about it and its support for Python, or Jython environment as a language to issue commands and run scripts to handle a variety of tasks. [Read More]

My first post using Pelican

This is my first post using Pelican as my new blogging platform. I had considered using OctoPress but encountered too much trouble getting the ruby stack to work properly without dependency problems, even following directions or tutorials. So I looked for a Python alternative and found Pelican. I found it was much simpler to get running just following the directions. Plus, I know Python, so I’m obviously more comfortable with it then Ruby. [Read More]

CarolinaCon 2017

Iworked another year as staff for CarolinaCon 2017. This year I helped run the hardware hacking village with my friends and fellow members of FALE which was mostly if not completely used to assemble badges for the conference which where Atmel based hardware badges that communicated wirelessly with RF modules on the ~900+Mhz frequency range. The badges were designed by my friend melvin2001 whom I miss badly now that he’s moved across country. [Read More]

Infosec Pivot

2018 came with a big transition for me, a new opportunity came up that allowed me to pivot into InfoSec full time. Without going into too much detail I’ll be doing a bit of offensive security. This is very exciting for me to say the least. One of the things I am working on that I have had plans to build out eventually for some time is a home pentesting lab. [Read More]