Hackerman's Hacking Tutorials

The knowledge of anything, since all things have causes, is not acquired or complete unless it is known by its causes. - Avicenna

2024 Jan 21A Few Fun Semgrep Experiments
2024 Jan 10Some SANS Holiday Hack 2023 Solutions
2023 Oct 28Semgrep's Experimental Rule Syntax
2023 Jan 19Some SANS Holiday Hack 2022 Solutions
2022 Oct 16YAML Wrangling with Rust
2022 Apr 7Code Review Hot Spots with Semgrep
2022 Feb 7Security Nightmares of Game Package Managers
2022 Jan 21Some SANS Holiday Hack 2021 Solutions
2021 Dec 20RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
2021 Oct 25A Hands-On Intro to Semgrep's Autofix
2021 Oct 11Modify GitLab Repositories from the CI Pipeline
2021 Sep 26Attack Surface Analysis - Part 3 - Resurrected Code Execution
2021 Jul 30The Thick Client Vulns That Weren't
2021 Jun 22Semgrep: The Surgical Static Analysis Tool
2021 Jun 8The JavaScript Bridge in Modern Desktop Applications
2021 May 31Public Remote File Share in The Cloud
2021 Apr 30Testing Extensions in Chromium Browsers - Nordpass
2021 Mar 17Attack Surface Analysis - Part 2 - Custom Protocol Handlers
2021 Feb 17Automagically Deploying Websites with Custom Domains to GitHub Pages
2021 Jan 17Some SANS Holiday Hack 2020 Solutions
2021 Jan 8Attack Surface Analysis - Part 1 - Application Update: 'A Novel Way to Bypass Executable Signature Checks with Electron'
2021 Jan 1The $15000 PlayStation Bounty
2020 Nov 15Customizing Python's SimpleHTTPServer
2020 Nov 1The Same-Origin Policy Gone Wild
2020 Aug 13localghost: Escaping the Browser Sandbox Without 0-Days
2020 Jul 25No, You Are Not Getting a CVE for That
2020 Jun 22Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI
2020 May 17Go Slices and Their Oddities
2020 May 9Thick Client Proxying - Part 10 - The hosts File
2020 May 1Towards a Quieter Burp History
2020 Apr 17The Encrypted Logz - Some Simple Reverse Engineering
2020 Apr 5The Golang int and the Overlooked Bug
2020 Mar 13Time Management For Systems Administrators - Lessons Learned
2020 Feb 9Old ContextIS Challenge Solutions
2020 Feb 6Documentation Writing for System Administrators - Notes
2020 Jan 15Some SANS Holiday Hack 2019 Solutions
2019 Dec 22Using Mozilla Rhino to Run JavaScript in Java
2019 Dec 2Developing and Debugging Java Burp Extensions with Visual Studio Code
2019 Nov 26Swing in Python Burp Extensions - Part 3 - Tips and Tricks
2019 Nov 11Swing in Python Burp Extensions - Part 2 - NetBeans and TableModels
2019 Nov 4Swing in Python Burp Extensions - Part 1
2019 Oct 13Quality of Life Tips and Tricks - Burp Suite
2019 Jul 28Disabling Cascade Fan's Beep
2019 Jun 18Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer
2019 Apr 28Thick Client Proxying - Part 9 - The Windows DNS Cache
2019 Apr 21Disabling Burp's Update Screen - Part 1 - Analysis and Failures
2019 Apr 17The Dark Side of "Manual Work is a Bug"
2019 Apr 6Hiding OPTIONS - An Adventure in Dealing with Burp Proxy in an Extension
2019 Mar 9path.Join Considered Harmful
2019 Jan 31Cheating at Moonlighter - Part 4 - Defense
2019 Jan 29Cheating at Moonlighter - Part 3 - Enabling Debug HUD
2019 Jan 27Cheating at Moonlighter - Part 2 - Changing Game Logic with dnSpy
2019 Jan 23Cheating at Moonlighter - Part 1 - Save File
2019 Jan 19Notes on Escaping Python Shells
2019 Jan 15SANS Holiday Hack Challenge 2018 Solutions
2019 Jan 3Cloudflare Concise Christmas Cryptography Challenges 2019 Solutions
2018 Dec 24Cryptography in Python Burp Extensions
2018 Dec 22AES-CFB128: PyCrypto vs. Go
2018 Dec 19Python Utility Modules for Burp Extensions
2018 Dec 17Tiredful API - Part 2 - Comparing Site Maps with Burp
2018 Dec 11Tiredful API - Part 1 - Burp Session Validation with Macros
2018 Dec 4Cheap Integrity Checks with HEAD
2018 Nov 18Pointers Inside for
2018 Nov 10filepath.Ext Notes
2018 Nov 1Windows Filetime Timestamps and Byte Wrangling with Go
2018 Oct 28Blackfriday's Parser and Generating graphs with gographviz
2018 Oct 26DEF CON 26 - Tineola - Youtube Video
2018 Oct 6Gophercises - Lessons Learned
2018 Oct 3Reflections on "Manual Work is a Bug"
2018 Sep 27Tineola: Taking a Bite out of Enterprise Blockchain
2018 Aug 25DVTA - Part 5 - Client-side Storage and DLL Hijacking
2018 Aug 23Committing Insurance Fraud with Tineola
2018 Aug 2DVTA - Part 4 - Traffic Tampering with dnSpy
2018 Jul 30DVTA - Part 3 - Network Recon
2018 Jul 21DVTA - Part 2 - Cert Pinning and Login Button
2018 Jul 15DVTA - Part 1 - Setup
2018 Jul 4Istanbul Tips and Tricks
2018 Jun 5ContextIS xmas CTF Writeup
2018 May 26On Username Enumeration
2018 May 5Learning Go-Fuzz 2: goexif2
2018 Apr 29Learning Go-Fuzz 1: iprange
2018 Apr 24Semi-Automated Cloning: Pain-Free Knowledge Base Creation
2018 Apr 24Deploying my Knowledge Base at parsiya.io to S3 with Travis CI
2018 Apr 15Adding Custom Chroma Styles to Hugo Themes
2018 Mar 17Blockchain Security Talk at NoVA Hackers
2018 Mar 1The Great Hiatus
2018 Feb 25Extracting PNG Chunks with Go
2018 Feb 22CAP Theorem and Credit Cards
2018 Feb 21Byzantine Generals' Problem
2018 Feb 18Byzantine Fault Tolerance and the Telephone Game
2018 Feb 8Notes from NISTIR 8202 - Blockchain Technology Overview January 2018 Draft
2018 Jan 29VirtualBox Live State File Format
2018 Jan 23Mounting Live Snapshots of Encrypted VMs in VirtualBox
2018 Jan 19Decoding Large Base64 Files with Go
2017 Dec 29Simple SSH Harvester in Go
2017 Dec 19Windows XP 32-bit SP3 Virtual Machines
2017 Dec 3Go and pcaps
2017 Nov 29"Hacking" Car Mechanic Simulator 2015
2017 Nov 27cmd Startup Commands
2017 Nov 15WinAppDbg - Part 4 - Bruteforcing FlareOn 2017 - Challenge 3
2017 Nov 15WinAppDbg - Part 3 - Manipulating Function Calls
2017 Nov 11WinAppDbg - Part 2 - Function Hooking and Others
2017 Nov 9WinAppDbg - Part 1 - Basics
2017 Oct 26Silly Attack Using Run Line
2017 Oct 23Run Line vs. cmd vs. PowerShell
2017 Oct 8Thick Client Proxying - Part 8 - Notes on Proxying Windows Services
2017 Oct 7Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File
2017 Sep 21Razer Comms
2017 Aug 6TLDR: Base64
2017 Jul 8From Atom to Sublime Text
2016 Aug 1The Great Hiatus
2016 Jul 28Thick Client Proxying - Part 6: How HTTP(s) Proxies Work
2016 Jul 14Gynvael Coldwind - Garage4Hackers - Notes from March 2014
2016 Jun 7Windows Netsh Interface Portproxy
2016 Jun 1Learning Go
2016 May 15Thick Client Proxying - Part 5: FileHippo App Manager or the Bloated Hippo
2016 May 9Looking for Apps to Proxy
2016 Apr 14Cloudfront and TLS
2016 Apr 7Thick Client Proxying - Part 4: Burp in Proxy Chains
2016 Apr 3Hugo Octopress Update
2016 Apr 2Thick Client Proxying - Part 3: Burp Options and Extender
2016 Mar 29Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More
2016 Mar 27Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners
2016 Feb 21Installing Burp Certificate Authority in Windows Certificate Store
2016 Feb 14Archive Page in Hugo
2016 Feb 2From Octopress to Hugo
2016 Jan 31Why Hugo?
2015 Nov 14Intro to .NET Remoting for Hackers
2015 Oct 19Proxying Hipchat Part 3: SSL Added and Removed Here :^)
2015 Oct 9Proxying Hipchat Part 2: So You Think You Can Use Burp?
2015 Oct 8Proxying Hipchat Part 1: Where did the Traffic Go?
2015 Aug 1Network Traffic Attribution on Windows
2015 Jul 26Image Popup and Octopress
2015 Jan 6Tales from the Crypt(o) - Leaking AES Keys
2014 Dec 8Pin Adventures - Chapter 1 - PinSolver Mk1
2014 Nov 18Building memfetch on Kali + Comments
2014 Sep 23My Adventure with Fireeye FLARE Challenge
2014 Sep 21Malware Adventure
2014 Sep 2Fireeye's FLARE Challenge
2014 Jul 3Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided
2014 Jun 25Piping SSL/TLS Traffic from SoapUI to Burp
2014 May 25Pasting Shellcode in GDB using Python
2014 Apr 22Amazon S3 and CSS
2014 Apr 20Now hosted on Amazon S3
2013 Nov 17How do I TLS Ciphersuite?
2013 Sep 29Microsoft Bluehat Challenges
2013 Sep 23Snow Crash and Malware
2013 Sep 20Update Inc
2013 Sep 15MarkDown and Cookie Clicker
2013 Sep 14Hello Octopress