❌

Normal view

There are new articles available, click to refresh the page.
Before yesterdaynot so pro

Avoiding B.A.D. behaviour

11 June 2022 at 22:00
The difficult relationship between nihilism, cybersecurity professionals and Being-A-Dick behaviour - Disclaimer: if you are looking for a strictly technical article, the ones I usually write, you will be disappointed. This blogpost is mainly my two cents on the way we, cybersecurity professionals, usually deal with situations, organizations and people, both techies and non-techies. Introduction A few days ago, I was...

dnscat(how)2

13 May 2022 at 22:00
Quick primer on how to setup and use dnscat2 - dnscat2 uses a client server architecture to tunnel traffic via UDP and/or DNS queries. It can be used to bypass firewalls and execute commands on the machine running the client. It can also be used to to tunnel traffic from the server to the internal network of the client through...

My (ongoing) path to cyber security.

5 August 2019 at 22:00
It's not about the destination, it's about the journey - Let’s track this from the beginning. Why am I writing this piece? The answer is at the end of the post (go there for a tl;dr). On this blog I usually stick to technical posts because that’s what I feel like doing, teaching other people things I’m still learning to...

Attacking and Defending Active Directory course review

3 June 2019 at 22:00
Active Directory attacks, from zero to hero - Introduction It’s been almost two weeks since I took and passed the exam of the Attacking and Defending Active Directory course by Pentester Academy and I finally feel like doing a review. I was very excited to do this course as I didn’t have a lot of experience with Active...

Introduction to angr Part 2

25 March 2019 at 23:00
Jarvis, sometimes you gotta run before you can walk - Searching on Google how to combat writer’s block and blank page fear? Check. I really don’t know how to start this time, probably because I’m distracted so let’s dive right into it. In the last post we learnt how to inject a symbolic bitvector inside a register using angr and...

GRIP v0.1

26 January 2019 at 23:00
Go RIP Injection Program - It has been in my mind for quite some time to learn Golang and write some pentesting-oriented tools lately. I’ve finally made up my mind and wrote a tool to inject fake RIPv2 routes in a network in Go that I called Golang RIP Injection Program (or GRIP for short)....

Securing Your Macbook Part 3

23 January 2019 at 23:00
2FA at login: using Yubikeys as a second authentication layer - Introduction Quick recap of what we saw in the first and second parts of this series. We started out by seeing how to setup your Macbook so that only one account is allowed to decrypt FileVault2, effectively creating two different passwords for mass storage decryption and user login authentication. After...

Securing Your Macbook Part 2

22 January 2019 at 23:00
Separating Privileges (2): different accounts for different privilege levels - Introduction Quick recap of what we saw in the last post. In the first part of this series we saw how to create a new user and allow only him to unlock FV2. This effectively allows having different passwords for FV2 decryption and user authentication. In this short post we...

Securing Your Macbook Part 1

20 January 2019 at 23:00
Separating Privileges (1): different passwords for decryption and authentication - Introduction This is a blogpost series on how I keep my Macbook insecure. These posts take a lot from the following resources so kudos to them first: macOS Security and Privacy Guide Configuring macOS Sierra to authenticate with YubiKey 4 The idea behind this is to make it impossible very...
❌
❌