A tool to smuggle binaries through Imgur, allowing a botmaster to send binaries to victims without the victims needing to find the controller's domain or IP.
Using IP Reputation list to alert for SolarWinds Sunburst activity in Security Onion
Part 4 in the series about establishing a SOC Workstation using Security Onion to monitor your homelab. We're getting into IP Reputation in Suricata, and trying to get around Docker and SaltStack to do so in Security Onion.
Security Onion + Proxmox Testing: Endpoint Reporting
Part 3 in the series about establishing a SOC Workstation using Security Onion to monitor your homelab. This post is dedicated to setting up endpoint reporting on all our hosts across the network.
Security Onion + Proxmox Testing: Will it sniff?
Part 2 in the series about establishing a SOC Workstation using Security Onion to monitor your homelab. This post is dedicated to making sure Security Onion is working in a Proxmox homelab environment.
Set up Security Onion to monitor your Proxmox Home Lab
How I'm using Security Onion to set up a SOC Workstation to monitor my virtualized homelab and setting up a threat lab. Here's how I started with Proxmox and Open vSwitch.
Hacktivitycon CTF: Hashbrown Casserole
My writeup for a scripting challenge in this year's Hacktivitycon.
Hackerone CTF: Micro-CMS v2
My experience with a harder-than-advertised SQL injection CTF.
SonarQube vs OWASP Top Ten
Feeding NodeGoat to SonarQube to see how much of the OWASP Top Ten is caught in this static analysis tool.
aws-creds-check - a bash script
If only the AWS CLI would let you call get-caller-identity with apikey and secret as arguments, I wouldn't have to write this.
NoSQL and urlencoded
Discoveries on bodyParser.urlencoded's unintentional impedance of NoSQL injection attacks.
NPM Dependents - a bash script
A script to list all packages that depend on a specific Node package.
Audit Log Dashboard
Very basic dashboard for auditd logs.