Asymmetric Key Cryptography (And Hashes)

Thursday, April 20, 2023

Asymmetric Key Cryptography Asymmetric key cryptography (aka public key cryptography) is the concept of using a public and private key to encrypt and decrypt data. The public and private keys are linked mathematically. In asymmetric cryptography both Steve and Meg will use their own unique private keys to encrypt a message. In the example below Meg uses Steve’s public key to encrypt a message for Steve’s eyes only. Once Steve receives the message he can decrypt by using his private key.…more

Symmetric Key Cryptography at a Glance

Thursday, March 31, 2022

Symmetric Key Cryptography Cryptography is very, very complex… As it should be. It keeps us and our data safe and secure. This write-up will provide an overview of Symmetric Key Cryptography Cryptography - What’s The Point? There are many use cases for cryptography, but the most obvious is confidentiality. We want to ensure our private data remains private. Simple as that. Cryptography can also be used to ensure integrity, Nonrepudiation, and authentication…more

Fixing My Canon Sure Shot Supreme

Wednesday, January 20, 2021

I got my hands on a Canon Sure Shot Supreme not too long ago. In Japan it was called the Autoboy 3 & in Europe it was known as Top Shot. It’s a 35mm point-and-shoot camera made in 1986. The European based Expert Imaging and Sound Association (EISA) voted the canon camera as the best compact camera of 1986-1987. Needless to say I was excited when I got one.…more

Using Favicon Hashing for Continuous Monitoring

Sunday, October 25, 2020

CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER I started listening to the Cloud Security Podcast this past month. Great digestible interviews with security professionals from different fields. This episode really caught my attention when they discussed bug bounty hunters using a continuous monitoring technique involving favicon hashes. What’s a favicon: A favicon is the tiny logo you see in the tab section of your browser. For instance you should (if on a desktop browser) see this little egg next to the title of this page.…more

What I've Learned About Photography in the Past Month-ish

Monday, July 20, 2020

3 years ago I traded a watch (nothing fancy) for a Nikon D5000 Camera. My first Digital SLR (DSLR) camera. It came with the well-rounded stock lens, an 18-55mm f/3.5-5.6, and no battery. The Nikon D5000 was discontinued in November of 2010 so it’s safe to say this was an oldie… but a goodie. I took thousands of photos with it. I Generally stuck with the “auto” mode, with the occasional “I know what I’m doing aperture priority mode” (these photos never came out the way I wanted), and I never had a passion for an upgrade.…more

Linux Privilege Escalation with LinEnum

Wednesday, May 27, 2020

Linux privilege escalation can be a weak point for many penetration testers. Scripts such as LinEnum have attempted to make the process of finding an attack vector easier; However, it can be hard to digest the results if you don’t know what to look for. Below are my notes on uploading the LinEnum.sh script to a remote machine, running the script, and reading the results. DISCLAIMER - I used a retired HTB machine (OpenAdmin) as my remote victim machine.…more

Attacking Kerberos W/ AS-REP Roasting

Tuesday, April 14, 2020

What is Kerberos Kerberos, developed by MIT, is a network authentication protocol used in Active Directory most commonly running on port 88 with password management on port 464. The Kerberos protocol enables a client/user to identify itself to a server (and vice versa) across a network - thus providing strong authentication. However, Kerberos does not Authorize which services the client/user can access (this is normally done by LDAP). Prerequisites Kali Linux Impacket Grab the latest stable release, unpack it and run ‘pip install .…more

Active Directory Notes

Saturday, April 4, 2020

I have a very basic understanding of Active Directory, sometimes that’s enough to get by, and sometimes it’s not. Below are some notes I took to help with the basic understanding as well as some more advanced principals. These notes will not make you go from “0 -> Hero” but should help you on your way to a better understanding of the Windows Architecture. DISCLAIMER - I am not a sysadmin, nor am I trying to come off as one, the below are just notes taken to help my understanding on the topic.…more

First Post!

Wednesday, February 5, 2020

Here we are. First post! Really excited to get this page started and to build up some content. What that content will be… not exactly sure yet… I assume it will be a some combination of cybersecurity & whatever I’m into at the moment (which changes quite a bit, maybe this website will change that?) So what’s the deal - why start a website if I’m not even sure what’s going to be on it?…more