Commentaries
Occasionally I have thoughts to share about technology, security, hacking, or some combination thereof.
2022 Aug 15 | Notes from HOPE and DEF CON
2022 Nov 27 | Trying (and failing) to deploy a smart contract using an iPad Pro
Tales
Walk-throughs of some of the online CTFs I’ve done. These are all in narrative form so you can see my entire process — including some dead ends!
2020 Jul 27 | Bandit
2021 Oct 10 | Pickle Rick
2021 Nov 04 | Basic pentesting
2021 Dec 07 | Ice
2021 Dec 08 | Blaster
2021 Dec 14 | Overpass 2: Hacked
2021 Dec 30 | Attacktive Directory
2022 Jan 02 | Retro
2022 Jan 30 | Tools‘R’us
2022 Feb 01 | Inclusion
2022 Feb 02 | Jurassic Park
2022 Apr 03 | Net sec challenge
2023 Apr 27 | Union
Spellbook
A variety of notes about hacking, written for my own reference. Some notes date to the beginning of my cybersecurity journey and are very basic, while others come from later in my career and are more advanced. May you find something useful here.
IMPORTANT
The “Spellbook” is my more organized collection of notes. Most of these include or link to shorter notes about specific topics, called “spells”. There are many more spells than are included in the spellbook! Use the search at left, or just expand the “Spells” folder, if you’re looking for a specific spell.
Protocols
- ARP
- CIFS
- DCERPC
- DRSUAPI
- FTP
- FTPS
- HTTP
- ICMP
- IMAP
- IPSec
- IPv4
- Kerberos
- NFS
- POP3
- SIP
- SMTP
- TCP
- Telnet
- UDP
Operating systems
Languages
Applications
- Aircrack-NG
- awk
- basenc
- Burp Suite
- cat
- certutil
- cewl
- crackmapexec
- CUPP
- dig
- dir
- enum4linux
- Evil-WinRM
- ffmpeg
- find
- findstr
- finger
- ftp
- fuff
- gdb
- gobuster
- grep
- Harvester
- Hashcat
- Hydra
- icacls
- iftop
- Impacket
- ipconfig
- John the Ripper
- Kerbrute
- less
- man
- Metasploit
- Mimikatz
- more
- MS SQL
- MySQL
- Nano
- nbtscan
- net
- netcat
- netsh
- netstat
- Nikto
- Nmap
- Node.js
- nslookup
- Oracle SQL Server
- OWASP ZAP
- ping
- Polkit
- PowerShell
- ps
- reg
- Rubeus
- runas
- smbclient
- smbget
- smbmap
- socat
- SQLMap
- ss
- SSH
- sudo
- systemctl
- systeminfo
- tar
- tcpdump
- tmux
- unbuffer
- ViM
- wfuzz
- whoami
- winrs
- Wireshark
- wmic
- XFreeRDP
- Xterm
- xxd
- youtube-dl
General knowledge
- Classic Windows login and lock screen hacks
- Easy reverse DNS lookups
- Equivalent Windows and *NIX commands
- “Gemini compatible” Markdown
- HTML applications
- iOS quirks
- JSON Web Tokens (JWTs)
- Magic numbers
- MITRE ATT&CK emulation plans
- Regex metacharacters
How to…
- How to add Windows users at the command line
- How to automate Netlify builds with IFTTT
- How to change a branch name in Git
- How to change a key passphrase with OpenSSL
- How to compact VM disk images
- How to confirm the existence of a Gmail address
- How to create a GPG Key (with SSH support!)
- How to export highlights and annotations from Kobo eReaders
- How to extract the webpage title from a URL
- How to find and replace a single line in a large text file
- How to fix EXIF data on Google Photos exports
- How to get an SSL certificate
- How to load a shell with a simple executable
- How to look up unicode and emoji symbols
- How to pull SSL certificates from an external server
- How to quickly bypass ssh-agent
- How to quickly find the canonical path of a file
- How to remove duplicate lines in Bash
- How to set the PATH in a session
- How to upgrade PostgreSQL
- How to use an alternate SSH key with Git
- How to use curl and jq with web APIs
- How to use OpenSSL to encrypt and decrypt files