OSINT Challenge: Gralhix Challenge 005
This blog will focus on solving an OSINT (Open-Source Intelligence) challenge put out by Sofia Santos (“Gralhix”), a very skilled OSINT practitioner and contributor at the Center for Information Resilience […]
how to
Credential Dumping Protections: Part 2 – Bypass LSA Protection
Welcome to Part 2 of the Windows Credential Dumping Protection series! If you are completely unfamiliar with Credential Dumping or LSA Protection, please check out Part 1! What Is LSA […]
Basics Of Soldering: Guide For Tech Enthusiasts
In the realm of technology, soldering holds significant importance. Whether you’re working with electronic devices or constructing tech projects, having a solid foundation in soldering is essential. This comprehensive guide […]
Credential Dumping Protections: Part 1 – LSA Protection
What Is Credential Dumping? In a Windows environment, users authenticate to their machines (either locally or remotely) with their username and password. Behind the scenes, Windows hands off all authentication […]
Hashcat Quick Guide Techniques & Tips
Password Cracking has its own large methodology when it comes to targeted methods of cracking passwords. You can consider English and other language models, passphrases, 1337sp34k translations, case MoDiFCaTiOn, distributed […]
How I Got Free Propane (Lock Picking) & YOU Can Too!
Lock Picking Guide To Propane Cage Locks Howdy folks! This blog post will be a quick explanation of how lock picking can improve your everyday life. I will give a […]
Sony Bravia Remote Code Execution Disclosure
Sony Bravia Overview Sony’s BRAVIA Signage (1) is an application to deliver video and still images to Pro BRAVIAs and manage the information displayed across a network. Features include management […]
Flipper Fanclub: Part 2 – Updating Flipper Zero
Updating Your Flipper Zero: A Guide to Firmware Updates (RogueMaster Edition) NOTE: Flipper Fanclub Part 1 is located here! The Flipper Zero is a powerful and versatile device, but like […]
Using DNS To Bypass SSRF Protections
On a recent web application penetration test, I identified a classic server-side request forgery (SSRF) vulnerability that used a Denylist in an attempt to prevent active exploitation. This post details […]
Retrieving Google Task Data
Working in a cloud environment, like C-suite, can be very convenient. They provide lots of functionality and tools to get the job done with supporting APIs to programmatically leverage them. […]