YUUUUP! I’ve always been overweight, I’ve tried half-heartedly to fix this many times over the years but I never really had much success. But in late 2020/early 2021 I decided that was time to change. For good. So I bought a Peloton and started hitting the pedals. 45 minutes 3x per week, with another 90 minute ride on Saturday. I…
Some background information, feel free to skip: I’m relatively new to pentesting. I’ve spent my whole career on the blue side, mostly with SIEM technologies. But that’s boring! I want to HACK! So my employer paid for some training and set a goal to finish HackTheBox Bug Bounty course and all TryHackMe modules this year. So I’m documenting my progress,…
People ask what the future of programming (and other IT tasks) looks like with tools like Chat-GPT and Github Copilot. My take: AI is basically a summer intern. Horse Whips and Buggy Factories The trajectory of technology is always Manual effort -> Partial automation -> Full automation -> New careers built babysitting the automation. Information was remembered and only communicated…
You’ve seen the stories about orcas attacking ships and wreaking havoc in the ocean, right? Well why let the orcas have all the fun?! Now you can swim through the ocean and sink ships too! I was bored so on Saturday I installed the Unity engine and Visual Studio and started learning C#. On Thursday I launched Shiprekt on itch.io…
Hey guys! This is my first CTF writeup, red teaming is a new thing to me! Let’s get started! I’m starting with Photobomb from HackTheBox. It’s an easy CTF but I’m pretty new to pentesting so it’s a good challenge for me. I’ve been told it’s good practice to add the box name to your /etc/hosts file before you get…
If you’ve followed my project Inexpire, you’ll know I originally was building it using a React static site backed by AWS DynamoDB and Lambda. After a short while without making any significant progress, I switched back to my comfort zone (Rails) and hammered out a working app using technology I was more familiar with. Well, I’ve given it another shot…
I was a security consultant for 6 years, and I’ve been working in security for 10 years and if there’s one thing I’ve learned its this: IT and the rest of the business really doesn’t like or even understand security. We get in their way and we demand things of them that only help us, and the business never sees…
A year or so ago I mothballed one of my projects by dumping the database to AWS DynamoDB and throwing a static JS site up on AWS S3. This allowed me to still query the data, but only pay for it when I was actually using it rather than keeping the $20/mo server running 24/7. Recently though, I’ve decided to…
A few years ago I switched my “business” code from Github to Gitlab. The reason for this was… well, I was bootstrapping a business. Every dollar counts, and Github’s private repos were $5/mo while Gitlab was free. Unfortunately almost immediately after I switched everything, Microsoft bought Github and started offering free private repos. I should have switched back immediately. But…
In a massive update to Inexpire, I’ve added tracking tools for my hobby farm. If you are unfamiliar with Inexpire, I wrote about it in a recent post. Inexpire was built to track canned goods and other long-life-yet-perishable items that I might forget about until after they’ve gone bad. I built this tool partially because we stocked up on food…