Hackerman's Hacking Tutorials

2022 Oct 16	YAML Wrangling with Rust
2022 Apr 7	Code Review Hot Spots with Semgrep
2022 Feb 7	Security Nightmares of Game Package Managers
2022 Jan 21	Some SANS Holiday Hack 2021 Solutions
2021 Dec 20	RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
2021 Oct 25	A Hands-On Intro to Semgrep's Autofix
2021 Oct 11	Modify GitLab Repositories from the CI Pipeline
2021 Sep 26	Attack Surface Analysis - Part 3 - Resurrected Code Execution
2021 Jul 30	The Thick Client Vulns That Weren't
2021 Jun 22	Semgrep: The Surgical Static Analysis Tool
2021 Jun 8	The JavaScript Bridge in Modern Desktop Applications
2021 May 31	Public Remote File Share in The Cloud
2021 Apr 30	Testing Extensions in Chromium Browsers - Nordpass
2021 Mar 17	Attack Surface Analysis - Part 2 - Custom Protocol Handlers
2021 Feb 17	Automagically Deploying Websites with Custom Domains to GitHub Pages
2021 Jan 17	Some SANS Holiday Hack 2020 Solutions
2021 Jan 8	Attack Surface Analysis - Part 1 - Application Update: 'A Novel Way to Bypass Executable Signature Checks with Electron'
2021 Jan 1	The $15000 PlayStation Bounty
2020 Nov 15	Customizing Python's SimpleHTTPServer
2020 Nov 1	The Same-Origin Policy Gone Wild
2020 Aug 13	localghost: Escaping the Browser Sandbox Without 0-Days
2020 Jul 25	No, You Are Not Getting a CVE for That
2020 Jun 22	Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI
2020 May 17	Go Slices and Their Oddities
2020 May 9	Thick Client Proxying - Part 10 - The hosts File
2020 May 1	Towards a Quieter Burp History
2020 Apr 17	The Encrypted Logz - Some Simple Reverse Engineering
2020 Apr 5	The Golang int and the Overlooked Bug
2020 Mar 13	Time Management For Systems Administrators - Lessons Learned
2020 Feb 9	Old ContextIS Challenge Solutions
2020 Feb 6	Documentation Writing for System Administrators - Notes
2020 Jan 15	Some SANS Holiday Hack 2019 Solutions
2019 Dec 22	Using Mozilla Rhino to Run JavaScript in Java
2019 Dec 2	Developing and Debugging Java Burp Extensions with Visual Studio Code
2019 Nov 26	Swing in Python Burp Extensions - Part 3 - Tips and Tricks
2019 Nov 11	Swing in Python Burp Extensions - Part 2 - NetBeans and TableModels
2019 Nov 4	Swing in Python Burp Extensions - Part 1
2019 Oct 13	Quality of Life Tips and Tricks - Burp Suite
2019 Jul 28	Disabling Cascade Fan's Beep
2019 Jun 18	Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer
2019 Apr 28	Thick Client Proxying - Part 9 - The Windows DNS Cache
2019 Apr 21	Disabling Burp's Update Screen - Part 1 - Analysis and Failures
2019 Apr 17	The Dark Side of "Manual Work is a Bug"
2019 Apr 6	Hiding OPTIONS - An Adventure in Dealing with Burp Proxy in an Extension
2019 Mar 9	path.Join Considered Harmful
2019 Jan 31	Cheating at Moonlighter - Part 4 - Defense
2019 Jan 29	Cheating at Moonlighter - Part 3 - Enabling Debug HUD
2019 Jan 27	Cheating at Moonlighter - Part 2 - Changing Game Logic with dnSpy
2019 Jan 23	Cheating at Moonlighter - Part 1 - Save File
2019 Jan 19	Notes on Escaping Python Shells
2019 Jan 15	SANS Holiday Hack Challenge 2018 Solutions
2019 Jan 3	Cloudflare Concise Christmas Cryptography Challenges 2019 Solutions
2018 Dec 24	Cryptography in Python Burp Extensions
2018 Dec 22	AES-CFB128: PyCrypto vs. Go
2018 Dec 19	Python Utility Modules for Burp Extensions
2018 Dec 17	Tiredful API - Part 2 - Comparing Site Maps with Burp
2018 Dec 11	Tiredful API - Part 1 - Burp Session Validation with Macros
2018 Dec 4	Cheap Integrity Checks with HEAD
2018 Nov 18	Pointers Inside for
2018 Nov 10	filepath.Ext Notes
2018 Nov 1	Windows Filetime Timestamps and Byte Wrangling with Go
2018 Oct 28	Blackfriday's Parser and Generating graphs with gographviz
2018 Oct 26	DEF CON 26 - Tineola - Youtube Video
2018 Oct 6	Gophercises - Lessons Learned
2018 Oct 3	Reflections on "Manual Work is a Bug"
2018 Sep 27	Tineola: Taking a Bite out of Enterprise Blockchain
2018 Aug 25	DVTA - Part 5 - Client-side Storage and DLL Hijacking
2018 Aug 23	Committing Insurance Fraud with Tineola
2018 Aug 2	DVTA - Part 4 - Traffic Tampering with dnSpy
2018 Jul 30	DVTA - Part 3 - Network Recon
2018 Jul 21	DVTA - Part 2 - Cert Pinning and Login Button
2018 Jul 15	DVTA - Part 1 - Setup
2018 Jul 4	Istanbul Tips and Tricks
2018 Jun 5	ContextIS xmas CTF Writeup
2018 May 26	On Username Enumeration
2018 May 5	Learning Go-Fuzz 2: goexif2
2018 Apr 29	Learning Go-Fuzz 1: iprange
2018 Apr 24	Semi-Automated Cloning: Pain-Free Knowledge Base Creation
2018 Apr 24	Deploying my Knowledge Base at parsiya.io to S3 with Travis CI
2018 Apr 15	Adding Custom Chroma Styles to Hugo Themes
2018 Mar 17	Blockchain Security Talk at NoVA Hackers
2018 Mar 1	The Great Hiatus
2018 Feb 25	Extracting PNG Chunks with Go
2018 Feb 22	CAP Theorem and Credit Cards
2018 Feb 21	Byzantine Generals' Problem
2018 Feb 18	Byzantine Fault Tolerance and the Telephone Game
2018 Feb 8	Notes from NISTIR 8202 - Blockchain Technology Overview January 2018 Draft
2018 Jan 29	VirtualBox Live State File Format
2018 Jan 23	Mounting Live Snapshots of Encrypted VMs in VirtualBox
2018 Jan 19	Decoding Large Base64 Files with Go
2017 Dec 29	Simple SSH Harvester in Go
2017 Dec 19	Windows XP 32-bit SP3 Virtual Machines
2017 Dec 3	Go and pcaps
2017 Nov 29	"Hacking" Car Mechanic Simulator 2015
2017 Nov 27	cmd Startup Commands
2017 Nov 15	WinAppDbg - Part 4 - Bruteforcing FlareOn 2017 - Challenge 3
2017 Nov 15	WinAppDbg - Part 3 - Manipulating Function Calls
2017 Nov 11	WinAppDbg - Part 2 - Function Hooking and Others
2017 Nov 9	WinAppDbg - Part 1 - Basics
2017 Oct 26	Silly Attack Using Run Line
2017 Oct 23	Run Line vs. cmd vs. PowerShell
2017 Oct 8	Thick Client Proxying - Part 8 - Notes on Proxying Windows Services
2017 Oct 7	Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File
2017 Sep 21	Razer Comms
2017 Aug 6	TLDR: Base64
2017 Jul 8	From Atom to Sublime Text
2016 Aug 1	The Great Hiatus
2016 Jul 28	Thick Client Proxying - Part 6: How HTTP(s) Proxies Work
2016 Jul 14	Gynvael Coldwind - Garage4Hackers - Notes from March 2014
2016 Jun 7	Windows Netsh Interface Portproxy
2016 Jun 1	Learning Go
2016 May 15	Thick Client Proxying - Part 5: FileHippo App Manager or the Bloated Hippo
2016 May 9	Looking for Apps to Proxy
2016 Apr 14	Cloudfront and TLS
2016 Apr 7	Thick Client Proxying - Part 4: Burp in Proxy Chains
2016 Apr 3	Hugo Octopress Update
2016 Apr 2	Thick Client Proxying - Part 3: Burp Options and Extender
2016 Mar 29	Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More
2016 Mar 27	Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners
2016 Feb 21	Installing Burp Certificate Authority in Windows Certificate Store
2016 Feb 14	Archive Page in Hugo
2016 Feb 2	From Octopress to Hugo
2016 Jan 31	Why Hugo?
2015 Nov 14	Intro to .NET Remoting for Hackers
2015 Oct 19	Proxying Hipchat Part 3: SSL Added and Removed Here :^)
2015 Oct 9	Proxying Hipchat Part 2: So You Think You Can Use Burp?
2015 Oct 8	Proxying Hipchat Part 1: Where did the Traffic Go?
2015 Aug 1	Network Traffic Attribution on Windows
2015 Jul 26	Image Popup and Octopress
2015 Jan 6	Tales from the Crypt(o) - Leaking AES Keys
2014 Dec 8	Pin Adventures - Chapter 1 - PinSolver Mk1
2014 Nov 18	Building memfetch on Kali + Comments
2014 Sep 23	My Adventure with Fireeye FLARE Challenge
2014 Sep 21	Malware Adventure
2014 Sep 2	Fireeye's FLARE Challenge
2014 Jul 3	Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided
2014 Jun 25	Piping SSL/TLS Traffic from SoapUI to Burp
2014 May 25	Pasting Shellcode in GDB using Python
2014 Apr 22	Amazon S3 and CSS
2014 Apr 20	Now hosted on Amazon S3
2013 Nov 17	How do I TLS Ciphersuite?
2013 Sep 29	Microsoft Bluehat Challenges
2013 Sep 23	Snow Crash and Malware
2013 Sep 20	Update Inc
2013 Sep 15	MarkDown and Cookie Clicker
2013 Sep 14	Hello Octopress