2024 Sep 19Steam's 'Open in Desktop' Button2024 Apr 9Knee Deep in tree-sitter CST2024 Mar 19Knee Deep in tree-sitter Queries2024 Jan 21A Few Fun Semgrep Experiments2024 Jan 10Some SANS Holiday Hack 2023 Solutions2023 Oct 28Semgrep's Experimental Rule Syntax2023 Jan 19Some SANS Holiday Hack 2022 Solutions2022 Oct 16YAML Wrangling with Rust2022 Apr 7Code Review Hot Spots with Semgrep2022 Feb 7Security Nightmares of Game Package Managers2022 Jan 21Some SANS Holiday Hack 2021 Solutions2021 Dec 20RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit2021 Oct 25A Hands-On Intro to Semgrep's Autofix2021 Oct 11Modify GitLab Repositories from the CI Pipeline2021 Sep 26Attack Surface Analysis - Part 3 - Resurrected Code Execution2021 Jul 30The Thick Client Vulns That Weren't2021 Jun 22Semgrep: The Surgical Static Analysis Tool2021 Jun 8The JavaScript Bridge in Modern Desktop Applications2021 May 31Public Remote File Share in The Cloud2021 Apr 30Testing Extensions in Chromium Browsers - Nordpass2021 Mar 17Attack Surface Analysis - Part 2 - Custom Protocol Handlers2021 Feb 17Automagically Deploying Websites with Custom Domains to GitHub Pages2021 Jan 17Some SANS Holiday Hack 2020 Solutions2021 Jan 8Attack Surface Analysis - Part 1 - Application Update: 'A Novel Way to Bypass Executable Signature Checks with Electron'2021 Jan 1The $15000 PlayStation Bounty2020 Nov 15Customizing Python's SimpleHTTPServer2020 Nov 1The Same-Origin Policy Gone Wild2020 Aug 13localghost: Escaping the Browser Sandbox Without 0-Days2020 Jul 25No, You Are Not Getting a CVE for That2020 Jun 22Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI2020 May 17Go Slices and Their Oddities2020 May 9Thick Client Proxying - Part 10 - The hosts File2020 May 1Towards a Quieter Burp History2020 Apr 17The Encrypted Logz - Some Simple Reverse Engineering2020 Apr 5The Golang int and the Overlooked Bug2020 Mar 13Time Management For Systems Administrators - Lessons Learned2020 Feb 9Old ContextIS Challenge Solutions2020 Feb 6Documentation Writing for System Administrators - Notes2020 Jan 15Some SANS Holiday Hack 2019 Solutions2019 Dec 22Using Mozilla Rhino to Run JavaScript in Java2019 Dec 2Developing and Debugging Java Burp Extensions with Visual Studio Code2019 Nov 26Swing in Python Burp Extensions - Part 3 - Tips and Tricks2019 Nov 11Swing in Python Burp Extensions - Part 2 - NetBeans and TableModels2019 Nov 4Swing in Python Burp Extensions - Part 12019 Oct 13Quality of Life Tips and Tricks - Burp Suite2019 Jul 28Disabling Cascade Fan's Beep2019 Jun 18Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer2019 Apr 28Thick Client Proxying - Part 9 - The Windows DNS Cache2019 Apr 21Disabling Burp's Update Screen - Part 1 - Analysis and Failures2019 Apr 17The Dark Side of "Manual Work is a Bug"2019 Apr 6Hiding OPTIONS - An Adventure in Dealing with Burp Proxy in an Extension2019 Mar 9path.Join Considered Harmful2019 Jan 31Cheating at Moonlighter - Part 4 - Defense2019 Jan 29Cheating at Moonlighter - Part 3 - Enabling Debug HUD2019 Jan 27Cheating at Moonlighter - Part 2 - Changing Game Logic with dnSpy2019 Jan 23Cheating at Moonlighter - Part 1 - Save File2019 Jan 19Notes on Escaping Python Shells2019 Jan 15SANS Holiday Hack Challenge 2018 Solutions2019 Jan 3Cloudflare Concise Christmas Cryptography Challenges 2019 Solutions2018 Dec 24Cryptography in Python Burp Extensions2018 Dec 22AES-CFB128: PyCrypto vs. Go2018 Dec 19Python Utility Modules for Burp Extensions2018 Dec 17Tiredful API - Part 2 - Comparing Site Maps with Burp2018 Dec 11Tiredful API - Part 1 - Burp Session Validation with Macros2018 Dec 4Cheap Integrity Checks with HEAD2018 Nov 18Pointers Inside for2018 Nov 10filepath.Ext Notes2018 Nov 1Windows Filetime Timestamps and Byte Wrangling with Go2018 Oct 28Blackfriday's Parser and Generating graphs with gographviz2018 Oct 26DEF CON 26 - Tineola - Youtube Video2018 Oct 6Gophercises - Lessons Learned2018 Oct 3Reflections on "Manual Work is a Bug"2018 Sep 27Tineola: Taking a Bite out of Enterprise Blockchain2018 Aug 25DVTA - Part 5 - Client-side Storage and DLL Hijacking2018 Aug 23Committing Insurance Fraud with Tineola2018 Aug 2DVTA - Part 4 - Traffic Tampering with dnSpy2018 Jul 30DVTA - Part 3 - Network Recon2018 Jul 21DVTA - Part 2 - Cert Pinning and Login Button2018 Jul 15DVTA - Part 1 - Setup2018 Jul 4Istanbul Tips and Tricks2018 Jun 5ContextIS xmas CTF Writeup2018 May 26On Username Enumeration2018 May 5Learning Go-Fuzz 2: goexif22018 Apr 29Learning Go-Fuzz 1: iprange2018 Apr 24Semi-Automated Cloning: Pain-Free Knowledge Base Creation2018 Apr 24Deploying my Knowledge Base at parsiya.io to S3 with Travis CI2018 Apr 15Adding Custom Chroma Styles to Hugo Themes2018 Mar 17Blockchain Security Talk at NoVA Hackers2018 Mar 1The Great Hiatus2018 Feb 25Extracting PNG Chunks with Go2018 Feb 22CAP Theorem and Credit Cards2018 Feb 21Byzantine Generals' Problem2018 Feb 18Byzantine Fault Tolerance and the Telephone Game2018 Feb 8Notes from NISTIR 8202 - Blockchain Technology Overview January 2018 Draft2018 Jan 29VirtualBox Live State File Format2018 Jan 23Mounting Live Snapshots of Encrypted VMs in VirtualBox2018 Jan 19Decoding Large Base64 Files with Go2017 Dec 29Simple SSH Harvester in Go2017 Dec 19Windows XP 32-bit SP3 Virtual Machines2017 Dec 3Go and pcaps2017 Nov 29"Hacking" Car Mechanic Simulator 20152017 Nov 27cmd Startup Commands2017 Nov 15WinAppDbg - Part 4 - Bruteforcing FlareOn 2017 - Challenge 32017 Nov 15WinAppDbg - Part 3 - Manipulating Function Calls2017 Nov 11WinAppDbg - Part 2 - Function Hooking and Others2017 Nov 9WinAppDbg - Part 1 - Basics2017 Oct 26Silly Attack Using Run Line2017 Oct 23Run Line vs. cmd vs. PowerShell2017 Oct 8Thick Client Proxying - Part 8 - Notes on Proxying Windows Services2017 Oct 7Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File2017 Sep 21Razer Comms2017 Aug 6TLDR: Base642017 Jul 8From Atom to Sublime Text2016 Aug 1The Great Hiatus2016 Jul 28Thick Client Proxying - Part 6: How HTTP(s) Proxies Work2016 Jul 14Gynvael Coldwind - Garage4Hackers - Notes from March 20142016 Jun 7Windows Netsh Interface Portproxy2016 Jun 1Learning Go2016 May 15Thick Client Proxying - Part 5: FileHippo App Manager or the Bloated Hippo2016 May 9Looking for Apps to Proxy2016 Apr 14Cloudfront and TLS2016 Apr 7Thick Client Proxying - Part 4: Burp in Proxy Chains2016 Apr 3Hugo Octopress Update2016 Apr 2Thick Client Proxying - Part 3: Burp Options and Extender2016 Mar 29Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More2016 Mar 27Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners2016 Feb 21Installing Burp Certificate Authority in Windows Certificate Store2016 Feb 14Archive Page in Hugo2016 Feb 2From Octopress to Hugo2016 Jan 31Why Hugo?2015 Nov 14Intro to .NET Remoting for Hackers2015 Oct 19Proxying Hipchat Part 3: SSL Added and Removed Here :^)2015 Oct 9Proxying Hipchat Part 2: So You Think You Can Use Burp?2015 Oct 8Proxying Hipchat Part 1: Where did the Traffic Go?2015 Aug 1Network Traffic Attribution on Windows2015 Jul 26Image Popup and Octopress2015 Jan 6Tales from the Crypt(o) - Leaking AES Keys2014 Dec 8Pin Adventures - Chapter 1 - PinSolver Mk12014 Nov 18Building memfetch on Kali + Comments2014 Sep 23My Adventure with Fireeye FLARE Challenge2014 Sep 21Malware Adventure2014 Sep 2Fireeye's FLARE Challenge2014 Jul 3Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided2014 Jun 25Piping SSL/TLS Traffic from SoapUI to Burp2014 May 25Pasting Shellcode in GDB using Python2014 Apr 22Amazon S3 and CSS2014 Apr 20Now hosted on Amazon S32013 Nov 17How do I TLS Ciphersuite?2013 Sep 29Microsoft Bluehat Challenges2013 Sep 23Snow Crash and Malware2013 Sep 20Update Inc2013 Sep 15MarkDown and Cookie Clicker2013 Sep 14Hello Octopress