passkwall.net

Hacking, Red Teaming, Offensive Engineering

Finding security bugs across a codebase for beginners

Posted on January 26, 2023 (updated January 27, 2023) by passkwall

A while back I was interviewing for a security role at a rather large company and a big focus was finding bugs across different projects. Without going into a ton of detail, it’s safe to say that I didn’t exactly land that job at the time. Coming from a pentest/red-teaming track into a more general…

The "Lost Highway" of security.

How I transitioned into security, and what I would do differently (2022 edition)

Posted on October 13, 2022 by passkwall

I was visiting my parents over the winter holiday back in 2018. The cold air nipped at my bare arms and the North East Coast breeze was a stark reminder of how much colder it gets versus the warmth of the West Coast; I was running outside to catch a phone call. My fingers had…


Securing your CI: How to determine what matters most

Posted on September 14, 2022 (updated September 16, 2022) by passkwall

Over the last few weeks, I’ve been working to inject security tooling into the CI (continuous integration) pipeline. Coming from a background that’s primarily red-teaming, offensive security, and even a bit of compliance, there have been some learning curves for adapting security tooling to fit your organization’s needs. Given I’m a rather small security team,…


What the OSCP doesn’t prepare you for in the workforce, and how to get caught up!

Posted on April 29, 2022 by passkwall

When I took my OSCP exam, I had less than two years of professional experience in the security space. While I did some of my own learning in terms of webapp testing, hackthebox scenarios, and the PWK (Pentesting with Kali) material, it doesn’t replace working alongside your peers on a security team. I did, and…


Docker Cache Poisoning – Part 1

Posted on April 5, 2022 (updated April 6, 2022) by passkwall

Introduction: Docker is amazing – period. Having used Docker in personal and professional settings has been incredibly useful. The big idea here is that if an application can be “containerized” using Docker, it can run anywhere the Docker engine is installed. Most importantly, and interestingly, Docker containers can be configured to run just about anything….


Homoglyphs and Bypassing Web Application Controls

Posted on March 21, 2022 (updated March 22, 2022) by passkwall

As with most articles I write, this post comes from a particular engagement where I was tasked with re-testing fixes engineers put in place for an XSS (Cross-Site Scripting) vulnerability. While the details of the exploit will not be discussed here, the bypass technique using homoglyphs is fair game. What’s a ‘Homoglyph’? According to Wikipedia,…


Unique – Retired HackTheBox Hardware Challenge

Posted on March 15, 2022 (updated March 17, 2022) by passkwall

I’ve been staring at the Hardware section of HackTheBox for a long time now. Having had a past career in the automotive world myself, I finally decided to give Unique a go. The goal here is to find the VIN of the car that is repeated over and over again. Here’s what you’ll learn: Serial/CAN…


Visualizing Network Scans and Identifying Relationships with Neo4j

Posted on March 11, 2022 (updated March 13, 2022) by passkwall

Networks can be gigantic, period. Scanning from different network vantage points can also be challenging. The more and more I started getting into the weeds of a network using Masscan and Nmap, the harder it was for me to make visual sense of its topology. Sure, I could use spreadsheets like everyone else but this…


A week without “why” and how it changed my thinking

Posted on March 11, 2022 (updated April 7, 2022) by passkwall

Truth be told, and if I’m being a bit candid, I really dislike the word “why”. Now, if you find yourself asking inside your head, “but why?” then this article might be for you. Some of the explanations in this article might be overly simplified, but I still encourage the underlying concepts to be explored….


How to set up (and secure) a Samba media server for Chromecast usage (in 20 minutes or less!)

Posted on March 11, 2022 (updated April 7, 2022) by passkwall

Over the last few months, my primary focus has been hacking. As an attacker, seeing file-sharing systems like Samba, FTP, and NFS gets me excited to find loot! However, in my downtime, I love to partake in movie watching from my ever-growing DVD collection. The problem is that I love using my Chromecast. The solution…
