• A Harm Reduction Approach to Systems

    Typically when we hear the phrase “harm reduction,” we may think of services such as needle exchange programs and Narcan training, which are community programs designed to help keep people who use IV drugs safer. Harm reduction can be described as a set of public health policies that are designed to minimize the amount of harm that occurs to people...

  • Psychological Safety and Resilience

    I discuss how working in tech, especially security, can sometimes result in an experience similar to moral distress, explore the criticality of honesty when learning from failures, and suggest ideas for improving psychological safety so our teams can get better insights about our systems.

  • Research Notes: WMI and Living off the Land Persistence Techniques

    This is previously unpublished deep dive research I did into WMI persistence with a focus on malware examples attributed to threat actor APT29. I explain what WMI is and how it can be leveraged to maintain persistent access to a target. I also include some ideas for defenders.

  • Failing the OSCP Challenge (again)

    I headed into my second attempt at the OSCP exam feeling underprepared. Due to my work, I had been unable to give my exam preparation the full attention it deserves. I’m okay with that. Sometimes priorities have to shift. I approached this as a learning experience and an opportunity to apply some of what I learned during my first...

  • Blame, Shame, & Systems

    As I try to acknowledge and unlearn shame to improve my personal life, I’m also considering how I can do my part to stop perpetuating shame-based practices at work. I’ve been asking myself questions like:

    • How might shame be affecting those around me?
    • Am I knowingly participating in structures that are based on shame?
    • What are some ways shame...
  • Enumerating SQL DB Columns with Burp Suite

    I ran across this Gist I made awhile back detailing how, when you have a certain type of SQLi, it’s possible to use Burp Suite to enumerate columns in the database. I figured it doesn’t hurt to share it on the blog. :)

  • AD Password Audit with Metasploit, Impacket, and Johnny

    This tutorial is geared toward those who are running these commands on a *nix type system. These steps were conducted on a system running Parrot Security OS. Many of the tools used come stock on security-focused Linux distributions like Kali Linux and Parrot OS.

  • OSCP Resources

    UPDATE: Please follow the repo on GitHub if you’d like to keep track of new additions to the list!