Security

• 23 Apr 2023: BSidesSF CTF 2023: Lastpwned (Author Writeup)
• 17 Apr 2023: CTF 101: Just Try It!
• 20 Jul 2022: Returning to Hacker Summer Camp
• 20 Jun 2022: BSidesSF 2022 CTF: Login4Shell
• 09 Jun 2022: BSidesSF 2022 CTF: TODO List
• 07 Jun 2022: BSidesSF 2022 CTF: Cow Say What?
• 24 Nov 2021: Book Review: Designing Secure Software
• 05 Nov 2021: Book Review: Bug Bounty Bootcamp
• 12 Aug 2021: 0x0G CTF: gRoulette (Author Writeup)
• 12 Aug 2021: 0x0G CTF: Authme (Author Writeup)
• 05 Jun 2021: GPU Accelerated Password Cracking in the Cloud: Speed and Cost-Effectiveness
• 12 Mar 2021: BSidesSF 2021 CTF: Net Matroyshka (Author Writeup)
• 08 Mar 2021: BSidesSF 2021 CTF: Encrypted Bin (Author Writeup)
• 08 Mar 2021: BSidesSF 2021 CTF: CuteSrv (Author Writeup)
• 26 Nov 2020: Hacker Holiday Gift Guide - 2020 Edition
• 17 Oct 2020: Course Review: Reverse Engineering with Ghidra
• 04 Sep 2020: Lessons Learned from SSH Credential Honeypots
• 26 Jul 2020: Security 101: Backups & Protecting Backups
• 14 Jul 2020: Raspberry Pi as a Penetration Testing Implant (Dropbox)
• 10 Jul 2020: Comparing 3 Great Web Security Books
• 05 Jul 2020: Security 101: Encryption, Hashing, and Encoding
• 03 Jul 2020: Security 101: Beginning with Kali Linux
• 26 Jun 2020: Hacker Culture Reading List
• 14 Jun 2020: Private CA with X.509 Name Constraints
• 25 May 2020: Book Review: Operator Handbook
• 22 May 2020: Everyone in InfoSec Should Know How to Program
• 07 May 2020: Security 101: Two Factor Authentication (2FA)
• 17 Apr 2020: So You Want a Red Team Exercise?
• 08 Apr 2020: Security 101: Learning From Home
• 25 Mar 2020: Security 101: X-Forwarded-For vs. Forwarded vs PROXY
• 22 Mar 2020: Security 101: Virtual Private Networks (VPNs)
• 27 Feb 2020: BSides SF 2020 CTF: Infrastructure Engineering and Lessons Learned
• 27 Nov 2019: Hacker Holiday Gift Guide (HHGG) 2019
• 05 Sep 2019: Hacker Summer Camp 2019: The DEF CON Data Duplication Village
• 23 Aug 2019: CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry
• 19 Aug 2019: Hacker Summer Camp 2019: CTFs for Fun & Profit
• 27 Jul 2019: Hacker Summer Camp 2019: What I'm Bringing & Protecting Yourself
• 02 May 2019: Hacker Summer Camp 2019 Preview
• 26 Mar 2019: So You Want to Red Team?
• 20 Mar 2019: Course Review: Applied Hardware Attacks: Rapid Prototying & Hardware Implants
• 15 Mar 2019: Certifications Aren't as Big a Deal as You Think
• 10 Mar 2019: Running the BSides SF 2019 CTF
• 08 Mar 2019: BSides SF CTF Author Writeup: Flagsrv
• 07 Mar 2019: BSides SF CTF Author Writeup: Cloud2Clown
• 30 Oct 2018: Understanding Shellcode: The Reverse Shell
• 12 Oct 2018: Course Review: Adversarial Attacks and Hunt Teaming
• 14 Sep 2018: Course Review: Software Defined Radio with HackRF
• 27 Aug 2018: "Entry-Level" Security Jobs and Experience
• 25 Aug 2018: Hacker Summer Camp 2018: Wrap-Up
• 10 Aug 2018: I'm the One Who Doesn't Knock: Unlocking Doors From the Network
• 19 Jul 2018: Hacker Summer Camp 2018: Cyberwar?
• 15 Jul 2018: Hacker Summer Camp 2018: Last Minute Tips
• 19 Jun 2018: Pros vs Joes CTF: The Evolution of Blue Teams
• 26 May 2018: Hacker Summer Camp 2018: Prep Guide
• 03 May 2018: How the Twitter and GitHub Password Logging Issues Could Happen
• 21 Apr 2018: BSidesSF CTF 2018: Coder Series (Author's PoV)
• 16 Apr 2018: The IoT Hacker's Toolkit
• 03 Mar 2018: OpenSSH Two Factor Authentication (But Not Service Accounts)
• 14 Feb 2018: Preparing for Penetration Testing with Kali Linux
• 10 Feb 2018: Book Review: Red Team by Micah Zenko
• 05 Feb 2018: Security Is Not an Absolute
• 28 Jan 2018: Playing with the Gigastone Media Streamer Plus
• 26 Jan 2018: Psychological Issues in the Security Industry
• 20 Jan 2018: socat as a handler for multiple reverse shells
• 16 Jan 2018: TP-Link Kasa App: SSL Verification Disabled (Fixed)
• 27 Dec 2017: Even With the Cloud, Client Security Still Matters
• 18 Dec 2017: [CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House
• 11 Nov 2017: Hardware Hacking, Reversing and Instrumentation: A Review
• 24 Oct 2017: Building a Home Lab for Offensive Security & Security Research
• 18 Sep 2017: Getting Started in Offensive Security
• 07 Aug 2017: Hacker Summer Camp 2017: Lessons Learned
• 05 Aug 2017: Hacker Summer Camp 2017: DEF CON
• 31 Jul 2017: Hacker Summer Camp 2017: Pros vs Joes CTF
• 18 Jul 2017: Hacker Summer Camp 2017 Planning Guide
• 19 May 2017: Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption
• 13 May 2017: Applied Physical Attacks and Hardware Pentesting
• 30 Apr 2017: DEF CON Quals 2017: beatmeonthedl
• 27 Apr 2017: Security Issues in Alerton Webtalk (Auth Bypass, RCE)
• 21 Mar 2017: Useful ARM References
• 19 Mar 2017: GOT and PLT for pwning.
• 15 Feb 2017: BSidesSF 2017
• 05 Jan 2017: SANS Holiday Hack Challenge 2016
• 04 Jan 2017: New Tool: sshdog
• 31 Dec 2016: Security at the End of 2016
• 24 Aug 2016: Posting JSON with an HTML Form
• 22 Aug 2016: ObiHai ObiPhone: Multiple Vulnerabilties
• 21 Aug 2016: (Slightly) Securing Wargame Servers
• 10 Aug 2016: HSC Part 3: DEF CON
• 10 Aug 2016: HSC Part 2: Pros versus Joes CTF
• 09 Aug 2016: HSC Part 1: Hardware Hacking with the Hardsploit Framework
• 08 Jul 2016: Hacker Summer Camp Planning Guide, Part II
• 08 May 2016: ASIS CTF 2016: firtog
• 08 May 2016: ASIS CTF 2016: Binary Cloud
• 08 May 2016: ASIS CTF 2016: 3magic
• 27 Apr 2016: Even shorter x86-64 shellcode
• 17 Apr 2016: PlaidCTF 2016: Butterfly
• 10 Apr 2016: Ham Fisted Legislators
• 04 Apr 2016: Women in Cybersecurity Summit
• 28 Mar 2016: Another Milestone: Offensive Security Certified Expert
• 24 Mar 2016: Finding My Inspiration
• 23 Mar 2016: Banning Encryption Will Fail... And It's a Bad Idea, Too
• 16 Mar 2016: (Tiny) Tool Release: Pwnpattern
• 28 Feb 2016: BSides SF: Saturday
• 27 Feb 2016: BSides Workshop
• 20 Feb 2016: BSides Seattle
• 18 Feb 2016: Hacker Summer Camp Planning Guide
• 28 Dec 2015: Offensive Security Certified Professional
• 21 Sep 2015: CSAW Quals 2015: Sharpturn (aka Forensics 400)
• 15 Sep 2015: What the LastPass CLI tells us about LastPass Design
• 16 Aug 2015: So, is Windows 10 Spying On You?
• 15 Aug 2015: Blue Team Player's Guide for Pros vs Joes CTF
• 13 Aug 2015: Hacker Summer Camp 2015: DEF CON
• 11 Aug 2015: Hacker Summer Camp 2015: BSides LV & Pros vs Joes CTF
• 20 Jun 2015: Playing with the Patriot Gauntlet Node (Part 2)
• 30 Oct 2014: Towards a Better Password Manager
• 14 Sep 2014: Getting Started in CTFs
• 13 Sep 2014: Getting Started in Information Security
• 10 Sep 2014: [CVE-2014-5204] Wordpress nonce Issues
• 04 Sep 2014: Security: Not a Binary State
• 12 Aug 2014: DEF CON 22 Recap
• 13 Jul 2014: Passing Android Traffic through Burp
• 04 Jul 2014: CVE-2014-4182 & CVE-2014-4183: XSS & XSRF in Wordpress 'Diagnostic Tool' Plugin
• 17 Jun 2014: Parameter Injection in jCryption
• 04 Jun 2014: Minimal x86-64 shellcode for /bin/sh?
• 03 Jun 2014: Secuinside Quals 2014: Simple Login
• 01 Jun 2014: Secuinside Quals 2014: Shellcode 100
• 01 Jun 2014: Secuinside Quals 2014: Javascript Jail (Misc 200)
• 30 May 2014: Weekly Reading List for 5/30/14
• 23 May 2014: Weekly Reading List for 5/23/14
• 21 May 2014: DEF CON 22 CTF Quals: 3dttt
• 20 May 2014: Book Review: The Hacker Playbook...
• 18 May 2014: DEF CON 22 CTF Quals: Hackertool
• 16 May 2014: Weekly Reading List for 5/16/14
• 12 May 2014: The Machine Inside the Machine
• 09 May 2014: Reading List for 5/9/2014
• 08 May 2014: Announcement: PwnableWeb Released
• 14 Apr 2014: PlaidCTF 2014: Conclusion
• 13 Apr 2014: PlaidCTF 2014: ReeKeeeee
• 13 Apr 2014: PlaidCTF 2014: mtpox
• 04 Apr 2014: Weekly Reading List for 4/4/14
• 10 Mar 2014: Boston Key Party: Mind Your Ps and Qs
• 26 Feb 2014: Integer Overflow Vulnerabilities
• 25 Feb 2014: Codegate 2014 Quals: 120
• 11 Feb 2014: printf Format String Exploitation
• 25 Jan 2014: Weekly Reading List for 1/25/14
• 20 Jan 2014: Ghost in the Shellcode 2014
• 19 Jan 2014: Ghost in the Shellcode 2014: Radioactive
• 19 Jan 2014: Ghost in the Shellcode 2014: Lugkist
• 19 Jan 2014: Ghost in the Shellcode 2014: Pillowtalk
• 17 Jan 2014: Weekly Reading List for 1/18/14
• 12 Jan 2014: LD_PRELOAD for Binary Analysis
• 12 Jan 2014: BreakIn CTF 2014
• 29 Sep 2013: DerbyCon CTF
• 09 Jun 2013: Boston Key Party -- MITM
• 29 Apr 2013: PlaidCTF Compression
• 23 Mar 2013: Lessons From the Nebula
• 05 Mar 2013: BSides SF CTF by MAD Security, Conclusion
• 03 Mar 2013: BSides SF CTF by MAD Security, Part 3
• 02 Mar 2013: BSides SF CTF by MAD Security, Part 2
• 01 Mar 2013: BSides SF CTF by MAD Security, Part 1
• 02 Dec 2012: Social Engineering: The Art of Human Hacking
• 10 Nov 2012: MITM on KVM Guests
• 26 Oct 2011: KSU Cyber Security Awareness Day 2011
• 31 Aug 2011: Git On Your Web Server: A Security Reminder
• 02 Mar 2011: Password Generating Webpages
• 27 Feb 2011: GnuPG: The What and the Why (For Me, Anyway)
• 18 Feb 2011: SSH across a Layer 7 Filter
• 25 Jan 2011: The Importance of Verifiable Security
• 27 Jun 2010: Who's screwed up worst?
• 24 Jun 2010: Twitter banned from misleading consumers 'for 20 years'
• 15 Sep 2008: SSH and GPG
• 06 May 2007: AOL: 8 Character Passwords?