Would you please email me with any corrections or private feedback at [email protected]? Also, feel free to add comments to any blog post. I’ll get back to you as soon as possible.
- Exploring Serialization and Deserialization Methods in C++ July 16, 2021
I spent a few hours learning about serialization recently. Here is what I learned.
- Violent Fungus C2 Coming in 2022 June 26, 2021
I'm working on building a C2 so I can learn C2 at a fine-grained level and get good at coding C. Aiming for a 1.0 release in 2022. Here are some of the core goals and features I have planned.
- Discerning A Security Research Path: Part 1, Getting Started March 21, 2021
Still trying to discern what I want to do by connecting my inner passions and interests with what exists to work on. I need that drive when the work gets old or boring... suspect that the research work on hard things could take months and may not produce anything... and I need to be OK with that and continue.
- Digitalworld Bravery VulnHub Walkthrough October 12, 2020
This box was basically all dependent on enumeration. There’s a lot to look at and go through, but have to keep going and searching. 95% of the time is spent getting the initial shell. I really liked this box because I got to focus on enumeration and note taking.
- Digitalworld Mercy Vulnhub Walkthrough October 11, 2020
I liked this box and it reminds me of OSCP exam machines and good Hack The Box machines. There’s enumeration across multiple services, uses different vulnerability exploitations, and has three different stages of initial access, user account, and root access. I love the 3 stage access option because I’m used to it with Hack The Box, but OSCP machines don’t always have 3 stages.
- Digitalworld Joy VulnHub Walkthrough October 01, 2020
This machine would have been much more complicated if not for enumeration. Most of the work was just getting the initial shell and after that, the box fell quickly.I learned that if I find a vulnerability with a public exploit, calm down, take note of it, and keep enumerating because there could be more exploits (that are more reliable/easy). I wasted a lot more time on dropbear ssh exploit than I should have.