Security

• GPU Accelerated Password Cracking in the Cloud: Speed and Cost-Effectiveness (05 Jun 2021)
• Hacker Holiday Gift Guide - 2020 Edition (26 Nov 2020)
• Security 101: Beginning with Kali Linux (03 Jul 2020)
• Hacker Culture Reading List (26 Jun 2020)
• Private CA with X.509 Name Constraints (14 Jun 2020)
• Book Review: Operator Handbook (25 May 2020)
• Everyone in InfoSec Should Know How to Program (22 May 2020)
• Announcing TIMEP: Test Interface for Multiple Embedded Protocols (08 May 2020)
• So You Want a Red Team Exercise? (17 Apr 2020)
• CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry (23 Aug 2019)
• Hacker Summer Camp 2019: CTFs for Fun & Profit (19 Aug 2019)
• Hacker Summer Camp 2019: What I'm Bringing & Protecting Yourself (27 Jul 2019)
• So You Want to Red Team? (26 Mar 2019)
• Certifications Aren't as Big a Deal as You Think (15 Mar 2019)
• Understanding Shellcode: The Reverse Shell (30 Oct 2018)
• Course Review: Software Defined Radio with HackRF (14 Sep 2018)
• "Entry-Level" Security Jobs and Experience (27 Aug 2018)
• Hacker Summer Camp 2018: Wrap-Up (25 Aug 2018)
• I'm the One Who Doesn't Knock: Unlocking Doors From the Network (10 Aug 2018)
• Pros vs Joes CTF: The Evolution of Blue Teams (19 Jun 2018)
• Hacker Summer Camp 2018: Prep Guide (26 May 2018)
• How the Twitter and GitHub Password Logging Issues Could Happen (03 May 2018)
• The IoT Hacker's Toolkit (16 Apr 2018)
• OpenSSH Two Factor Authentication (But Not Service Accounts) (03 Mar 2018)
• Preparing for Penetration Testing with Kali Linux (14 Feb 2018)
• Book Review: Red Team by Micah Zenko (10 Feb 2018)
• Security Is Not an Absolute (05 Feb 2018)
• Playing with the Gigastone Media Streamer Plus (28 Jan 2018)
• Psychological Issues in the Security Industry (26 Jan 2018)
• socat as a handler for multiple reverse shells (20 Jan 2018)
• TP-Link Kasa App: SSL Verification Disabled (Fixed) (16 Jan 2018)
• Even With the Cloud, Client Security Still Matters (27 Dec 2017)
• [CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House (18 Dec 2017)
• 2017 Hacker Holiday Gift Guide (22 Nov 2017)
• Hardware Hacking, Reversing and Instrumentation: A Review (11 Nov 2017)
• Building a Home Lab for Offensive Security & Security Research (24 Oct 2017)
• Hacker Summer Camp 2017: DEF CON (05 Aug 2017)
• Hacker Summer Camp 2017: XXV Badge (31 Jul 2017)
• Hacker Summer Camp 2017: Pros vs Joes CTF (31 Jul 2017)
• Hacker Summer Camp 2017 Planning Guide (18 Jul 2017)
• Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption (19 May 2017)
• Applied Physical Attacks and Hardware Pentesting (13 May 2017)
• Security Issues in Alerton Webtalk (Auth Bypass, RCE) (27 Apr 2017)
• SANS Holiday Hack Challenge 2016 (05 Jan 2017)
• New Tool: sshdog (04 Jan 2017)
• Security at the End of 2016 (31 Dec 2016)
• ObiHai ObiPhone: Multiple Vulnerabilties (22 Aug 2016)
• (Slightly) Securing Wargame Servers (21 Aug 2016)
• Matir's Favorite Things (20 Aug 2016)
• Chrome on Kali for root (24 Jul 2016)
• ASIS CTF 2016: firtog (08 May 2016)
• ASIS CTF 2016: Binary Cloud (08 May 2016)
• ASIS CTF 2016: 3magic (08 May 2016)
• Even shorter x86-64 shellcode (27 Apr 2016)
• Ham Fisted Legislators (10 Apr 2016)
• Another Milestone: Offensive Security Certified Expert (28 Mar 2016)
• Finding My Inspiration (24 Mar 2016)
• Banning Encryption Will Fail... And It's a Bad Idea, Too (23 Mar 2016)
• BSides Seattle (20 Feb 2016)
• Offensive Security Certified Professional (28 Dec 2015)
• CSAW Quals 2015: Sharpturn (aka Forensics 400) (21 Sep 2015)
• What the LastPass CLI tells us about LastPass Design (15 Sep 2015)
• So, is Windows 10 Spying On You? (16 Aug 2015)
• Hacker Summer Camp 2015: DEF CON (13 Aug 2015)
• Hacker Summer Camp 2015: BSides LV & Pros vs Joes CTF (11 Aug 2015)
• Playing with the Patriot Gauntlet Node (Part 2) (20 Jun 2015)
• Towards a Better Password Manager (30 Oct 2014)
• Dangers of decorator-based registries in Python (26 Oct 2014)
• Getting Started in CTFs (14 Sep 2014)
• Getting Started in Information Security (13 Sep 2014)
• [CVE-2014-5204] Wordpress nonce Issues (10 Sep 2014)
• Security: Not a Binary State (04 Sep 2014)
• DEF CON 22 Recap (12 Aug 2014)
• Weekly Reading List for 8/2/14 (02 Aug 2014)
• Passing Android Traffic through Burp (13 Jul 2014)
• CVE-2014-4182 & CVE-2014-4183: XSS & XSRF in Wordpress 'Diagnostic Tool' Plugin (04 Jul 2014)
• Parameter Injection in jCryption (17 Jun 2014)
• Minimal x86-64 shellcode for /bin/sh? (04 Jun 2014)
• Secuinside Quals 2014: Simple Login (03 Jun 2014)
• Secuinside Quals 2014: Shellcode 100 (01 Jun 2014)
• Secuinside Quals 2014: Javascript Jail (Misc 200) (01 Jun 2014)
• Weekly Reading List for 5/30/14 (30 May 2014)
• On the TrueCrypt Saga (29 May 2014)
• Weekly Reading List for 5/23/14 (23 May 2014)
• DEF CON 22 CTF Quals: 3dttt (21 May 2014)
• Book Review: The Hacker Playbook... (20 May 2014)
• DEF CON 22 CTF Quals: Hackertool (18 May 2014)
• The Machine Inside the Machine (12 May 2014)
• Reading List for 5/9/2014 (09 May 2014)
• Announcement: PwnableWeb Released (08 May 2014)
• Book Review: Red Team Field Manual (02 May 2014)
• A Brief History of the Internet (Security-Wise) (15 Apr 2014)
• PlaidCTF 2014: Conclusion (14 Apr 2014)
• PlaidCTF 2014: ReeKeeeee (13 Apr 2014)
• PlaidCTF 2014: mtpox (13 Apr 2014)
• Weekly Reading List for 4/4/14 (04 Apr 2014)
• Boston Key Party: Mind Your Ps and Qs (10 Mar 2014)
• Integer Overflow Vulnerabilities (26 Feb 2014)
• Codegate 2014 Quals: 120 (25 Feb 2014)
• Weekly Reading List for 2/15/14 (15 Feb 2014)
• printf Format String Exploitation (11 Feb 2014)
• Weekly Reading List for 2/8/14 (08 Feb 2014)
• Weekly Reading List for 2/1/14 (01 Feb 2014)
• Weekly Reading List for 1/25/14 (25 Jan 2014)
• Ghost in the Shellcode 2014 (20 Jan 2014)
• Ghost in the Shellcode 2014: Radioactive (19 Jan 2014)
• Ghost in the Shellcode 2014: Lugkist (19 Jan 2014)
• Ghost in the Shellcode 2014: Pillowtalk (19 Jan 2014)
• Weekly Reading List for 1/18/14 (17 Jan 2014)
• LD_PRELOAD for Binary Analysis (12 Jan 2014)
• BreakIn CTF 2014 (12 Jan 2014)
• DerbyCon CTF (29 Sep 2013)
• A Career Plan (06 Nov 2011)
• Martian Packet Messages (05 Nov 2011)
• Git On Your Web Server: A Security Reminder (31 Aug 2011)
• GnuPG: The What and the Why (For Me, Anyway) (27 Feb 2011)
• SSH across a Layer 7 Filter (18 Feb 2011)
• Why the risk of running as root is overblown (30 Jul 2010)