Hackerman's Hacking Tutorials

The knowledge of anything, since all things have causes, is not acquired or complete unless it is known by its causes. - Avicenna

Posts

2021 Dec 20 RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
2021 Oct 25 A Hands-On Intro to Semgrep's Autofix
2021 Oct 11 Modify GitLab Repositories from the CI Pipeline
2021 Sep 26 Attack Surface Analysis - Part 3 - Resurrected Code Execution
2021 Jul 30 The Thick Client Vulns That Weren't
2021 Jun 22 Semgrep: The Surgical Static Analysis Tool
2021 Jun 8 The JavaScript Bridge in Modern Desktop Applications
2021 May 31 Public Remote File Share in The Cloud
2021 Apr 30 Testing Extensions in Chromium Browsers - Nordpass
2021 Mar 17 Attack Surface Analysis - Part 2 - Custom Protocol Handlers
2021 Feb 17 Automagically Deploying Websites with Custom Domains to GitHub Pages
2021 Jan 17 Some SANS Holiday Hack 2020 Solutions
2021 Jan 8 Attack Surface Analysis - Part 1 - Application Update: 'A Novel Way to Bypass Executable Signature Checks with Electron'
2021 Jan 1 The $15000 PlayStation Bounty
2020 Nov 15 Customizing Python's SimpleHTTPServer
2020 Nov 1 The Same-Origin Policy Gone Wild
2020 Aug 13 localghost: Escaping the Browser Sandbox Without 0-Days
2020 Jul 25 No, You Are Not Getting a CVE for That
2020 Jun 22 Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI
2020 May 17 Go Slices and Their Oddities
2020 May 9 Thick Client Proxying - Part 10 - The hosts File
2020 May 1 Towards a Quieter Burp History
2020 Apr 17 The Encrypted Logz - Some Simple Reverse Engineering
2020 Apr 5 The Golang int and the Overlooked Bug
2020 Mar 13 Time Management For Systems Administrators - Lessons Learned
2020 Feb 9 Old ContextIS Challenge Solutions
2020 Feb 6 Documentation Writing for System Administrators - Notes
2020 Jan 15 Some SANS Holiday Hack 2019 Solutions
2019 Dec 22 Using Mozilla Rhino to Run JavaScript in Java
2019 Dec 2 Developing and Debugging Java Burp Extensions with Visual Studio Code
2019 Nov 26 Swing in Python Burp Extensions - Part 3 - Tips and Tricks
2019 Nov 11 Swing in Python Burp Extensions - Part 2 - NetBeans and TableModels
2019 Nov 4 Swing in Python Burp Extensions - Part 1
2019 Oct 13 Quality of Life Tips and Tricks - Burp Suite
2019 Jul 28 Disabling Cascade Fan's Beep
2019 Jun 18 Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer
2019 Apr 28 Thick Client Proxying - Part 9 - The Windows DNS Cache
2019 Apr 21 Disabling Burp's Update Screen - Part 1 - Analysis and Failures
2019 Apr 17 The Dark Side of "Manual Work is a Bug"
2019 Apr 6 Hiding OPTIONS - An Adventure in Dealing with Burp Proxy in an Extension
2019 Mar 9 path.Join Considered Harmful
2019 Jan 31 Cheating at Moonlighter - Part 4 - Defense
2019 Jan 29 Cheating at Moonlighter - Part 3 - Enabling Debug HUD
2019 Jan 27 Cheating at Moonlighter - Part 2 - Changing Game Logic with dnSpy
2019 Jan 23 Cheating at Moonlighter - Part 1 - Save File
2019 Jan 19 Notes on Escaping Python Shells
2019 Jan 15 SANS Holiday Hack Challenge 2018 Solutions
2019 Jan 3 Cloudflare Concise Christmas Cryptography Challenges 2019 Solutions
2018 Dec 24 Cryptography in Python Burp Extensions
2018 Dec 22 AES-CFB128: PyCrypto vs. Go
2018 Dec 19 Python Utility Modules for Burp Extensions
2018 Dec 17 Tiredful API - Part 2 - Comparing Site Maps with Burp
2018 Dec 11 Tiredful API - Part 1 - Burp Session Validation with Macros
2018 Dec 4 Cheap Integrity Checks with HEAD
2018 Nov 18 Pointers Inside for
2018 Nov 10 filepath.Ext Notes
2018 Nov 1 Windows Filetime Timestamps and Byte Wrangling with Go
2018 Oct 28 Blackfriday's Parser and Generating graphs with gographviz
2018 Oct 26 DEF CON 26 - Tineola - Youtube Video
2018 Oct 6 Gophercises - Lessons Learned
2018 Oct 3 Reflections on "Manual Work is a Bug"
2018 Sep 27 Tineola: Taking a Bite out of Enterprise Blockchain
2018 Aug 25 DVTA - Part 5 - Client-side Storage and DLL Hijacking
2018 Aug 23 Committing Insurance Fraud with Tineola
2018 Aug 2 DVTA - Part 4 - Traffic Tampering with dnSpy
2018 Jul 30 DVTA - Part 3 - Network Recon
2018 Jul 21 DVTA - Part 2 - Cert Pinning and Login Button
2018 Jul 15 DVTA - Part 1 - Setup
2018 Jul 4 Istanbul Tips and Tricks
2018 Jun 5 ContextIS xmas CTF Writeup
2018 May 26 On Username Enumeration
2018 May 5 Learning Go-Fuzz 2: goexif2
2018 Apr 29 Learning Go-Fuzz 1: iprange
2018 Apr 24 Semi-Automated Cloning: Pain-Free Knowledge Base Creation
2018 Apr 24 Deploying my Knowledge Base at parsiya.io to S3 with Travis CI
2018 Apr 15 Adding Custom Chroma Styles to Hugo Themes
2018 Mar 17 Blockchain Security Talk at NoVA Hackers
2018 Mar 1 The Great Hiatus
2018 Feb 25 Extracting PNG Chunks with Go
2018 Feb 22 CAP Theorem and Credit Cards
2018 Feb 21 Byzantine Generals' Problem
2018 Feb 18 Byzantine Fault Tolerance and the Telephone Game
2018 Feb 8 Notes from NISTIR 8202 - Blockchain Technology Overview January 2018 Draft
2018 Jan 29 VirtualBox Live State File Format
2018 Jan 23 Mounting Live Snapshots of Encrypted VMs in VirtualBox
2018 Jan 19 Decoding Large Base64 Files with Go
2017 Dec 29 Simple SSH Harvester in Go
2017 Dec 19 Windows XP 32-bit SP3 Virtual Machines
2017 Dec 3 Go and pcaps
2017 Nov 29 "Hacking" Car Mechanic Simulator 2015
2017 Nov 27 cmd Startup Commands
2017 Nov 15 WinAppDbg - Part 4 - Bruteforcing FlareOn 2017 - Challenge 3
2017 Nov 15 WinAppDbg - Part 3 - Manipulating Function Calls
2017 Nov 11 WinAppDbg - Part 2 - Function Hooking and Others
2017 Nov 9 WinAppDbg - Part 1 - Basics
2017 Oct 26 Silly Attack Using Run Line
2017 Oct 23 Run Line vs. cmd vs. PowerShell
2017 Oct 8 Thick Client Proxying - Part 8 - Notes on Proxying Windows Services
2017 Oct 7 Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File
2017 Sep 21 Razer Comms
2017 Aug 6 TLDR: Base64
2017 Jul 8 From Atom to Sublime Text
2016 Aug 1 The Great Hiatus
2016 Jul 28 Thick Client Proxying - Part 6: How HTTP(s) Proxies Work
2016 Jul 14 Gynvael Coldwind - Garage4Hackers - Notes from March 2014
2016 Jun 7 Windows Netsh Interface Portproxy
2016 Jun 1 Learning Go
2016 May 15 Thick Client Proxying - Part 5: FileHippo App Manager or the Bloated Hippo
2016 May 9 Looking for Apps to Proxy
2016 Apr 14 Cloudfront and TLS
2016 Apr 7 Thick Client Proxying - Part 4: Burp in Proxy Chains
2016 Apr 3 Hugo Octopress Update
2016 Apr 2 Thick Client Proxying - Part 3: Burp Options and Extender
2016 Mar 29 Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More
2016 Mar 27 Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners
2016 Feb 21 Installing Burp Certificate Authority in Windows Certificate Store
2016 Feb 14 Archive Page in Hugo
2016 Feb 2 From Octopress to Hugo
2016 Jan 31 Why Hugo?
2015 Nov 14 Intro to .NET Remoting for Hackers
2015 Oct 19 Proxying Hipchat Part 3: SSL Added and Removed Here :^)
2015 Oct 9 Proxying Hipchat Part 2: So You Think You Can Use Burp?
2015 Oct 8 Proxying Hipchat Part 1: Where did the Traffic Go?
2015 Aug 1 Network Traffic Attribution on Windows
2015 Jul 26 Image Popup and Octopress
2015 Jan 6 Tales from the Crypt(o) - Leaking AES Keys
2014 Dec 8 Pin Adventures - Chapter 1 - PinSolver Mk1
2014 Nov 18 Building memfetch on Kali + Comments
2014 Sep 23 My Adventure with Fireeye FLARE Challenge
2014 Sep 21 Malware Adventure
2014 Sep 2 Fireeye's FLARE Challenge
2014 Jul 3 Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided
2014 Jun 25 Piping SSL/TLS Traffic from SoapUI to Burp
2014 May 25 Pasting Shellcode in GDB using Python
2014 Apr 22 Amazon S3 and CSS
2014 Apr 20 Now hosted on Amazon S3
2013 Nov 17 How do I TLS Ciphersuite?
2013 Sep 29 Microsoft Bluehat Challenges
2013 Sep 23 Snow Crash and Malware
2013 Sep 20 Update Inc
2013 Sep 15 MarkDown and Cookie Clicker
2013 Sep 14 Hello Octopress