posts
some notes on hacking, development, tech culture, & more
-
A Harm Reduction Approach to Systems
Typically when we hear the phrase “harm reduction,” we may think of services such as needle exchange programs and Narcan training, which are community programs designed to help keep people who use IV drugs safer. Harm reduction can be described as a set of public health policies that are designed to minimize the amount of harm that occurs to people...
-
Psychological Safety and Resilience
I discuss how working in tech, especially security, can sometimes result in an experience similar to moral distress, explore the criticality of honesty when learning from failures, and suggest ideas for improving psychological safety so our teams can get better insights about our systems.
-
Research Notes: WMI and Living off the Land Persistence Techniques
This is previously unpublished deep dive research I did into WMI persistence with a focus on malware examples attributed to threat actor APT29. I explain what WMI is and how it can be leveraged to maintain persistent access to a target. I also include some ideas for defenders.
-
Exploiting Freefloat FTP Server 1.0 - 'REST' / 'PASV' Remote Buffer Overflow Vulnerability
I really enjoy playing around with these memory corruption exploits so I thought I’d start doing writeups on the buffer overflow vulns I use for practice while working toward the OSCP.
-
Failing the OSCP Challenge (again)
I headed into my second attempt at the OSCP exam feeling underprepared. Due to my work, I had been unable to give my exam preparation the full attention it deserves. I’m okay with that. Sometimes priorities have to shift. I approached this as a learning experience and an opportunity to apply some of what I learned during my first...