Blog

blog

• A Harm Reduction Approach to Systems

  04 Aug 2022

  Typically when we hear the phrase “harm reduction,” we may think of services such as needle exchange programs and Narcan training, which are community programs designed to help keep people who use IV drugs safer. Harm reduction can be described as a set of public health policies that are designed to minimize the amount of harm that occurs to people...

• Psychological Safety and Resilience

  03 Apr 2022

  I discuss how working in tech, especially security, can sometimes result in an experience similar to moral distress, explore the criticality of honesty when learning from failures, and suggest ideas for improving psychological safety so our teams can get better insights about our systems.

• Research Notes: WMI and Living off the Land Persistence Techniques

  19 Mar 2022

  This is previously unpublished deep dive research I did into WMI persistence with a focus on malware examples attributed to threat actor APT29. I explain what WMI is and how it can be leveraged to maintain persistent access to a target. I also include some ideas for defenders.

• Exploiting Freefloat FTP Server 1.0 - 'REST' / 'PASV' Remote Buffer Overflow Vulnerability

  09 Dec 2020

  I really enjoy playing around with these memory corruption exploits so I thought I’d start doing writeups on the buffer overflow vulns I use for practice while working toward the OSCP.

• Failing the OSCP Challenge (again)

  10 Nov 2020

  I headed into my second attempt at the OSCP exam feeling underprepared. Due to my work, I had been unable to give my exam preparation the full attention it deserves. I’m okay with that. Sometimes priorities have to shift. I approached this as a learning experience and an opportunity to apply some of what I learned during my first...

• Blame, Shame, & Systems

  13 Aug 2020

  As I try to acknowledge and unlearn shame to improve my personal life, I’m also considering how I can do my part to stop perpetuating shame-based practices at work. I’ve been asking myself questions like:

  • How might shame be affecting those around me?
  • Am I knowingly participating in structures that are based on shame?
  • What are some ways shame...

• Enumerating SQL DB Columns with Burp Suite

  17 May 2020

  I ran across this Gist I made awhile back detailing how, when you have a certain type of SQLi, it’s possible to use Burp Suite to enumerate columns in the database. I figured it doesn’t hurt to share it on the blog. :)

• Thoughts on Resilience

  16 May 2020

  Failover Conf: My Intro to Resilience Engineering

• Failing the OSCP Challenge

  02 Apr 2020

  I’ve documented my first attempt at the OSCP exam.

• AD Password Audit with Metasploit, Impacket, and Johnny

  21 Sep 2019

  This tutorial is geared toward those who are running these commands on a *nix type system. These steps were conducted on a system running Parrot Security OS. Many of the tools used come stock on security-focused Linux distributions like Kali Linux and Parrot OS.

• PRCCDC 2019 Retrospective

  05 Apr 2019

  I’ve documented my PRCCDC experience.

• OSCP Resources

  27 Nov 2018

  UPDATE: Please follow the repo on GitHub if you’d like to keep track of new additions to the list!

• A Brief Guide to CISSP Prep

  01 Oct 2018

  Adventures in Exam Preparation

• Golang && REST Design Resources

  27 Sep 2018

  A Few Golang/REST Resources I’ve Crowdsourced/Otherwise Discovered

• Hidden in Plain Sight

  27 Aug 2018

  What I Do with My Bias

• Forgit About It

  13 Aug 2018

  WARNING: may contain bad Git puns

• ...Now With Blog!

  09 Aug 2018

  I’m blogging!