A New Consultant’s 1st Con - Wild West Hackin Fest - Way West 2021
Last month, I found myself Googling: Is weed legal in Nevada? This was the day after arriving in Reno for Wild West Hacking Fest – Way West 2021. I...
Professionally Evil Insights
Search for keywords or individual blog posts
Posts
Linux X86 Assembly - How to Make Our Hello World Usable as an Exploit Payload
Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly. While this can help us learn x86 assembly, it...
The Best Way to Capture Traffic in 2021
How can we do analysis without Wireshark? For Linux and macOS that utility has been tcpdump for quite a while; In Windows, we can use netsh.
Run as Admin: Executive Order on Cybersecurity
On May 12, 2021, President Biden issued an executive order on cybersecurity. This new order combines many trends we’re already seeing in the Fortune...
Linux X86 Assembly - How to Build a Hello World Program in GAS
Overview In the last tutorial, we covered how to build a 32-bit x86 Hello World program in NASM. Today, we will cover how to do the same thing, but...
Linux X86 Assembly - How to Build a Hello World Program in NASM
Overview A processor understands bytecode instructions specific to that architecture. We as humans use mnemonics to make building these instructions...
AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start
Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development...
A Hacker’s Tour of the X86 CPU Architecture
Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures...
Three Excellent API Security Practices Most People Neglect
We are very much in the age of APIs. From widely-used single-purpose products like Slack to cloud-based solutions like Amazon Web Services (AWS) and...
LD_PRELOAD: How to Run Code at Load Time
Today I want to continue the series on using LD_PRELOAD. In previous posts, we covered how to inject a shared object binary into a process, and...
Announcing Burp Co2!
This is for those of you who do web pen testing with Portswigger’s Burp proxy tool! Over the past couple of months I have been using my Java skills...
Converting NMAP XML Files to HTML with xsltproc
NMAP is a wonderful network scanner and its ability to log scan data to files, specifically XML, helps quite a bit. This enables the scan data to be...