A common question when building a SPA is: where do I store my session tokens? I'll talk through the main options and the pros/cons of each
[Read More]
Learning Go Concurrency From Factorio
Go's concurrency model confused me at first, but it finally clicked when I thought of it like building an assembly line in Factorio
[Read More]
Hosting the CLR and executing .NET assemblies from Go
Write up of my journey figuring out how to host the CLR and execute .NET assemblies from memory in pure Go.
[Read More]
Proxying and Intercepting CLI Tools
Sometimes you need to intercept traffic from CLI tools. In this post I cover using Burp to intercept traffic from Java, Python, Node and Go CLIs
[Read More]
Docker for Pentesters
Docker has become such an integral part of my workflow recently. These examples should demonstrate how Docker can help you be a more efficient pentester
[Read More]
Attacking Default Installs of Helm on Kubernetes
Default installations of Helm on Kubernetes can make it trivial for attackers to escalate to cluster admin. In this post I'll demonstrate how.
[Read More]
Serverless Toolkit for Pentesters
Serverless functions have so much potential - here's a few useful examples I use when pentesting or doing bug bounties. Who needs testing infrastructure?
[Read More]
Extracting SSH Private Keys From Windows 10 ssh-agent
The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here's how to extract unencrypted saved private keys from the registry
[Read More]
Configuring Burp Suite With Android Nougat
Android Nougat changed the default behavior for apps, so installing the Burp CA to user certs no longer works. Here's two ways to bypass it
[Read More]
SANS Holiday Hack 2017 Writeup
The SANS team hit another homerun with the HHC including awesome challenges that mimicked real-world pentest activities. Here's my solutions!
[Read More]