-
Why GitLab Container Scan Results Might Not Match Trivy
Sometimes you may see different vulnerabilities when Trivy is run locally vs when GitLab container scan runs. Here are some reasons why.
-
Zero Downtime API Shared Secret Rotation
A demonstration of how an API could rotate its shared secret with zero downtime.
-
Let's Build A CI Pipeline Threat Model
Let's build a threat model of a CI pipeline for fun.
-
Switching to Windows Part 1
Taking the plunge on a Windows-based laptop after years using OS X and Linux-based devices.
-
Build A Web Site/App Quick and Cheap!
Cheapest and fastest ways to get your project online
-
Amazon ECR Image Scanning Gotchas
Things you should know about the "vulnerabilities" ECR image scan results report
-
Practical Malware Analysis: Lab 3-3
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 3-3 malware.
-
Practical Malware Analysis: Lab 3-2
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 3-2 malware.
-
Practical Malware Analysis: Lab 3-1
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 3-1 malware.
-
Kankun Smart Plug Network Decryption
In the first blog post about the Kankun smartplug, the Android application was decompiled and the AES-256 bit encryption key was found. In this blog post, the network traffic between the mobile app and smartphone will be captured, the network traffic will be decrypted utilizing a script from Payatu and the encryption key found previously, and the Kankun Smartplug will be controlled via the Kankun Controller Script from 0x00string
-
Practical Malware Analysis: Lab 1-4
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-4 malware.
-
Practical Malware Analysis: Lab 1-3
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-3 malware.
-
Practical Malware Analysis: Lab 1-2
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-2 malware.
-
Practical Malware Analysis: Lab 1-1
Walkthrough of the processes followed to analyze the Practical Malware Analysis Lab 1-1 malware.
-
Kankun Smart Plug Analysis
During the Offensive Internet Of Things course, the Kankun Smart Plug is analyzed in various ways including: using Jadx to decompile and analyze the mobile app, acquiring and analyzing the device's firmware, and analyzing the network traffic.
-
Asus RT-N15U Firmware Analysis
For the next firmware analysis task of the Offensive Internet Of Things Exploitation final project, I decided to analyze the Asus RT-N15U firmware version 3.0.0.4.376.3754. The following is the process I used to backdoor, emulate, and analyze this firmware as well as any security issues I could find.
-
TP-Link TL-WR810N Firmware Analysis
For one of the projects for the Offensive Internet Of Things Exploitation final exam I decided to try to analyze the firmware for the TP-Link TL-WR810N
-
Nand Glitching Wink Hub For Root
During the Offensive Internet Of Things Exploitation course the instructor demonstrates a technique called a "NAND Glitch" on a Wink Connected Home Hub IoT device. This technique allows a root shell to be acquired on a device which normally does not provide console access. This post outlines the process I used to replicate the NAND Glitch as well as discusses some of the "gotchas" that I encountered along the way.
-
Mounting Virtualbox Shared Folder in Manjaro Guest
Every time I set up a Linux VM in VirtualBox and attempt to get shared folders working, I always run into issues. I decided to create a blog post to save myself the trouble of Googling so that I have the information in one place. In the various distros I have encountered issues with, Manjaro being the most recent, the issues have seemed to have been addressed by three things.
-
Haskell YAML Config
A quick example of reading a yaml config file in Haskell.
-
Haskell TCP Fuzzer
An example TCP fuzzer written in Haskell
-
Linux Daemon
How to write a Linux daemon.
-
Opcode Script
Opcodes from Assembly Instructions
-
SLAE Problem 7: Create a Custom Crypter
SLAE Problem 7: Create a Custom Crypter
-
SLAE Problem 6: Shell-Storm.com Shellcode Analysis and Polymorphic Modification
SLAE Problem 6: Shell-Storm.com Shellcode Analysis and Polymorphic Modification