blog
-
A Harm Reduction Approach to Systems
Typically when we hear the phrase “harm reduction,” we may think of services such as needle exchange programs and Narcan training, which are community programs designed to help keep people who use IV drugs safer. Harm reduction can be described as a set of public health policies that are designed to minimize the amount of harm that occurs to people...
-
Psychological Safety and Resilience
I discuss how working in tech, especially security, can sometimes result in an experience similar to moral distress, explore the criticality of honesty when learning from failures, and suggest ideas for improving psychological safety so our teams can get better insights about our systems.
-
Research Notes: WMI and Living off the Land Persistence Techniques
This is previously unpublished deep dive research I did into WMI persistence with a focus on malware examples attributed to threat actor APT29. I explain what WMI is and how it can be leveraged to maintain persistent access to a target. I also include some ideas for defenders.
-
Exploiting Freefloat FTP Server 1.0 - 'REST' / 'PASV' Remote Buffer Overflow Vulnerability
I really enjoy playing around with these memory corruption exploits so I thought I’d start doing writeups on the buffer overflow vulns I use for practice while working toward the OSCP.
-
Failing the OSCP Challenge (again)
I headed into my second attempt at the OSCP exam feeling underprepared. Due to my work, I had been unable to give my exam preparation the full attention it deserves. I’m okay with that. Sometimes priorities have to shift. I approached this as a learning experience and an opportunity to apply some of what I learned during my first...
-
Blame, Shame, & Systems
As I try to acknowledge and unlearn shame to improve my personal life, I’m also considering how I can do my part to stop perpetuating shame-based practices at work. I’ve been asking myself questions like:
- How might shame be affecting those around me?
- Am I knowingly participating in structures that are based on shame?
- What are some ways shame...
-
Enumerating SQL DB Columns with Burp Suite
I ran across this Gist I made awhile back detailing how, when you have a certain type of SQLi, it’s possible to use Burp Suite to enumerate columns in the database. I figured it doesn’t hurt to share it on the blog. :)
-
Thoughts on Resilience
Failover Conf: My Intro to Resilience Engineering
-
Failing the OSCP Challenge
I’ve documented my first attempt at the OSCP exam.
-
AD Password Audit with Metasploit, Impacket, and Johnny
This tutorial is geared toward those who are running these commands on a *nix type system. These steps were conducted on a system running Parrot Security OS. Many of the tools used come stock on security-focused Linux distributions like Kali Linux and Parrot OS.
-
PRCCDC 2019 Retrospective
I’ve documented my PRCCDC experience.
-
OSCP Resources
UPDATE: Please follow the repo on GitHub if you’d like to keep track of new additions to the list!
-
A Brief Guide to CISSP Prep
Adventures in Exam Preparation
-
Golang && REST Design Resources
A Few Golang/REST Resources I’ve Crowdsourced/Otherwise Discovered
-
Hidden in Plain Sight
What I Do with My Bias
-
Forgit About It
WARNING: may contain bad Git puns
-
...Now With Blog!
I’m blogging!