Articles

Dynamic DNS (DDNS), the way to access your network devices at home from remote locations without static IP. But what if you already own a domain?

Just received the email this morning that I passed the Penetration Testing with Kali Linux exam and obtained my Offensive Security Certified Professional (OSCP) certification. Hooray!

On many trips and holidays I find public Wi-Fi hotspots, e.g. in hotels or bars, which use a “captive portal” where you have to authenticate before you are allowed to access the internet.

With the new Kali 2019.4 release, Kali comes with an ‘undercover’ mode which make the Kali desktop look like Windows 10.

As mentioned in my previous article about logging the terminal session, it would be very nice to have the date time echo-ed regularly, to be able to find your way in the log-file.

While working with Linux on and off for two decades, I never structurally solved the problem of tweaking a new Linux installation to my liking, over and over again.

Many times I’ve used Netcat to setup (reverse) shell from a compromised machine. Digging into services lately, I thought why not use a service to make Netcat a persistent to be able to return to the machine.

As a penetration tester you really must log all steps you take to make a complete and detailed report for the client. Ofcourse you can’t help that once in a while you miss one step. From my training I got a valuable tip to use the script command for logging complete terminal sessions.

On my road to OSCP I just finished one awesome week of OSCP Training. The live Penetration Testing with Kali Linux (PWK) training by Offensive Security trainers.

Back in 2012 the .NET Framework 4.5 introduced asynchronous programming with async and await. Nowadays I regularly see it being used, but I can see that it just isn’t understood well.

Back in 2012 the .NET Framework 4.5 introduced asynchronous programming with async and await. Nowadays I regularly see it being used, but I can see that it just isn’t understood well.

In 1970 the “Game of Life” was created by the British mathematician John Conway. A discrete mathematics model to mimic the behavior of living cells.

Bloomberg release a very detailed report on how Amazon discovered a hardware backdoor the size of a single grain of rice in servers manufactured by Elemental Technologies.

Using “git push --force” is really evil. You force your current state of a local branch upon the remote branch, no matter what. Even if some commit got pushed right before your force push, it would be overwritten without any notice at all! Unfortunately with a rebasing strategy you can not avoid it.

The Netherlands was plagued by numerous DDOS attacks lately. The tax authorities, Bunq bank and many other banks and government agencies. The attacker was careless and left some traces and was even arrogant enough to seek contact with the sysadmin of Tweakers.net, one of the targeted sites.

Frequently I am working on a large commit having many changed files or running a precarious debug session or time consuming test. But some other urgent task comes by forcing me to switch branches. Today I was running a time consuming test so I had enough time to investigate out how I could update another branch and push a commit to origin.

Sometimes I get a very worried person at my desk, thinking he just screwed up bigtime and lost some important commit he made. When you think your work has been lost for good due to some git commands you executed, think again! Git tracks everything and actually never really loses a commit…

Jekyll does support tags, but what about determining related posts based on tags of the post? Jekyll does not support tags very well. There is no support for a tag archive page, neither does it support listing related posts. Let’s make this work!

Recently I was asked to give feedback on a new website. It uses Wordpress, but why? Why not? So I researched a bit and was able to give a well-founded answer. about the risk of having plug-ins installed.

Every modern Intel CPU has Intel’s Management Engine (ME) built in. You actually get another OS completely free with your CPU: MINIX.

To me Universal Plug and Play (UPnP) alway was a mysterious protocol. When some cool program required an open port, UPnP made it happen. When some fancy program did not work, someone would ask me: “Did you enable UPnP”? Right, I forgot… I had no clue what magic UPnP did for me.

At times I find myself in situations in which I can not rely on my favorite commandline text editor VIM. But of course editing files is a must. Writing my own non-interactive line editor actually did cross my mind, but hold on… What about my old time friend sed?!

A while ago someone notified me that my website had broken by a change I made. “I got a tip for you! You should check it out with git bisect” and so I did. It was great to learn such a nifty feature of git. I shared my experience with some other git users but none of them knew about git bisect.

By default almost everyone is using “git pull” to update their local branch. When someone has forced pushed the result of a rebased to a repository, executing a simple “git pull” will often give you merge conflicts. What is going on and how should you get to the latest truth to continue working?

In the .NET Framework using reflection was always a bit cool when you needed it to solve a problem. Of course you have the performance penalty in mind when using it. Querying objects at runtime and even call properties and execute methods on that object, that’s awesome! But what about having an interface that answers those queries?

Equifax is a consumer credit reporting agency and last week it got hacked. Now the information of 143 milion US citizens, about 45% of the population, has been compromised by hackers. The hackers got access to names, birth dates, addresses but also social sercurity numbers and in some cases drivers license numbers.

Many years ago, I studied the art of picking locks. Not to do anything illegal, but just to learn about locks and how they work. Most importantly, open locks in a non-destructive way the manufacturer certainly did not intend to open. I bought a lock picking set and a practice lock. Over the years I collected some other locks, formerly used in real life. I finally got a chance to show off my skills.

Static sites are just static html files, right? Not quite these days. I’ve added comments to my static generated site hosted with Github pages.

I am working on a windows laptop, so getting jekyll to work correctly seems to be troublesome. So before pushing changes to my repository, I would like to check them on a jekyll docker image running on my NAS. Using the “git format-patch” command, we export out commits and apply them on our jekyll docker image to build and html-proof our site.

Recently in my OSCP course, I was struggeling a few hours to get a reversed shell connection. It was a FreeBSD box, not quite my expertise. Finally I came up with a simple solution using tail -f.

Welcome to my new static website generated with Jekyll! Finally I got fed up with my single-page website so I was looking for a nice way to setup my new website.