ropnop blog

A place to dump things I find interesting and think others might want to know

How to Store Session Tokens in a Browser (and the impacts of each)

 Posted on October 3, 2020  |  ropnop

A common question when building a SPA is: where do I store my session tokens? I'll talk through the main options and the pros/cons of each [Read More]
javascript  browser  cookies  tokens 

Learning Go Concurrency From Factorio

 Posted on June 28, 2020  |  ropnop

Go's concurrency model confused me at first, but it finally clicked when I thought of it like building an assembly line in Factorio [Read More]
go 

Hosting the CLR and executing .NET assemblies from Go

 Posted on March 15, 2020  |  ropnop

Write up of my journey figuring out how to host the CLR and execute .NET assemblies from memory in pure Go. [Read More]
golang  windows  .net  clr 

Proxying and Intercepting CLI Tools

 Posted on February 9, 2020  |  ropnop

Sometimes you need to intercept traffic from CLI tools. In this post I cover using Burp to intercept traffic from Java, Python, Node and Go CLIs [Read More]
burp  proxy  python  java  node  go 

Docker for Pentesters

 Posted on July 18, 2019  |  ropnop

Docker has become such an integral part of my workflow recently. These examples should demonstrate how Docker can help you be a more efficient pentester [Read More]
docker  pentest  impacket  linux  smb  windows 

Attacking Default Installs of Helm on Kubernetes

 Posted on January 28, 2019  |  ropnop

Default installations of Helm on Kubernetes can make it trivial for attackers to escalate to cluster admin. In this post I'll demonstrate how. [Read More]
pentest  kubernetes  helm  tiller  gke 

Serverless Toolkit for Pentesters

 Posted on November 11, 2018  |  ropnop

Serverless functions have so much potential - here's a few useful examples I use when pentesting or doing bug bounties. Who needs testing infrastructure? [Read More]
docker  pentest  serverless 

Extracting SSH Private Keys From Windows 10 ssh-agent

 Posted on May 20, 2018  |  ropnop

The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here's how to extract unencrypted saved private keys from the registry [Read More]
windows  ssh  powershell  openssh  rsa  pentest 

Configuring Burp Suite With Android Nougat

 Posted on January 18, 2018  |  ropnop

Android Nougat changed the default behavior for apps, so installing the Burp CA to user certs no longer works. Here's two ways to bypass it [Read More]
android  burp  nougat 

SANS Holiday Hack 2017 Writeup

 Posted on January 18, 2018  |  ropnop

The SANS team hit another homerun with the HHC including awesome challenges that mimicked real-world pentest activities. Here's my solutions! [Read More]
sans  writeup  pentest  holidayhack 
SANS Holiday Hack Write-ups 

ropnop  • © 2020  •  ropnop blog
