Dockerizing Tor Bridge

A guide to setting up a Tor bridge using Docker containers, including reviewing the setup script for security and configuring the bridge to help users in censored regions access the open internet.

September 23, 2019 · 5 min · Spencer Koch

HouSecCon 2019 Talk

I gave a talk at HouSecCon 2019 about building an offensive security department from scratch at a global energy company. Includes slides and video recording of the presentation.

July 25, 2019 · 1 min · Spencer Koch

Practical Application of Keylogger for Incident Response

A walkthrough of evaluating and implementing different PowerShell keylogger options for a cyber investigation, including testing simple keyloggers, PowerSploit, Nishang, and customizing a solution based on Shima’s keylogger.

August 25, 2018 · 6 min · Spencer Koch

Shocker - Hack The Box writeup

Been a while since I did a blog post, but figured I’d jump on the bandwagon of Hack The Box writeups for retired boxes. Got the message that Valentine was being released on 2018-02-17 and retiring Shocker, which was a nice little box that I had managed to own user and system. So I thought I’d write up my approach and observations. Run through a quick nmap, see what we’re working with. Since it’s an easy box, common ports should trigger something: ...

February 17, 2018 · 2 min · Spencer Koch

Practical Application of a Password Cracking Rig

Due to a string of events in a recent forensics investigation, our InfoSec department had ourselves an abandoned graphics design desktop with an NVIDIA Quadro K5000. With this windfall, I decided this was a good time to try out something I saw from the folks at shellntel, but with only 1 GPU instead of 8. Gotta start somewhere. Following their article, I learned a couple of things that I thought I’d share. ...

May 21, 2017 · 7 min · Spencer Koch