Psychological Issues in the Security Industry

I've unfortunately had the experience of dealing with a number of psychological issues (either personally or through personal connections) during my tenure in the security fold. I hope to shed some light on them and encourage others to take them seriously.

socat as a handler for multiple reverse shells

I needed a way to handle multiple reverse shells calling back to the same C2 host. It's a little convoluted, but I found a way to receive multiple incoming sessions and multiplex them into tmux windows.

TP-Link Kasa App: SSL Verification Disabled (Fixed)

For an unknown period of time prior to December 2017, the Kasa "Smart Home" control application for Android failed to validate any TLS certificates when communicating to TP-Link's servers. This app is used for control of the company's line of smart plugs, light bulbs, and home hub, and affected all phases of the use of the app, including user registration, authentication, and device control.

A Cheap and Compact Bench Power Supply

I wanted a bench power supply for powering small projects and devices I'm testing. I ended up with a DIY approach for around $30 and am very happy with the outcome. It's a simple project that almost anyone can do and is a great introductory power supply for any home lab.

Even With the Cloud, Client Security Still Matters

Despite the move of resources to the cloud, security of your clients and endpoints remains important. Some believe that only servers need to be secured, but it's important to remember that the clients with access to servers are equally vulnerable to compromise and use to gain access.