Goodbye World - Migrating Away From Medium | Graduation & Next Steps

Introduction Hello everyone and welcome to the first exclusive post on my new personal website! I am very excited to be here and I hope that you are as well. The picture above is a bit dramatic, but communicates the message that I have decided to move forward. Those who have been following me will know that I first began my technical blog on Medium, which was an approachable outlet for sharing my knowledge as I first entered the field....

2024-05-03 · 5 min · Ally Petitt

How to Find more Vulnerabilities — Source Code Auditing Explained

Introduction Whitebox penetration testing can be intimidating. Complex web applications may contain hundreds of thousands of lines of code, and deciphering the connection between the various web components and their numerous implementations is challenging. A powerful, yet simple technique to approach the code review of such an application is to break it into manageable pieces. In this article, I will be outlining a methodology that can be used to break down large web applications, such as Content Management Systems (CMSs), into manageable components that can be systematically analyzed for vulnerabilities or logic errors....

2024-01-01 · 6 min · Ally Petitt

How to safely convert to LVM without losing your data

Introduction This article is a walkthrough that demonstrates the solution to a particular situation that computer owners may encounter when updating their system. For readers who do not fit into the scenario listed below, this is also a great article for familiarizing yourself with the practical application of logical volume manager (LVM). Otherwise, feel free to modify your approach as works best with your scenario. Scenario: You have a hard drive with all your files on it that uses physical partitions....

2023-08-19 · 4 min · Ally Petitt

5 Ways I Found Your Deleted Files

Computer Forensics for File Recovery Introduction When a file is “deleted”, its contents aren’t typically erased from the storage device that it was stored on. More often than not, the blocks that stored the file are marked as unallocated and the filesystem pointers are removed from it. The implication is that the file still exists on the disk until it is overwritten. There are many methods of recovering the raw, unallocated data....

2023-05-13 · 9 min · Ally Petitt

How to Encrypt a Drive in Linux

Introduction Hey everyone, this is a pretty quick article on LUKS drive encryption on Linux with the cryptsetup library. By following the steps outlined here, you will be able to encrypt a drive, decrypt it, and mount it. This was done in a Kali Linux VM and commands may vary for other distributions. Disclaimer: This is not an area that I have much experience in so if details are inaccurate, I apologize in advance....

2023-05-05 · 5 min · Ally Petitt

Snort IPS Quickstart

Introduction Snort is an open source Intrusion Prevention System (IPS) that detects malicious network traffic by comparing the network packets to a set of rules, often created by Snort and the community. Snort can be used as a packet sniffer, packet logger, and intrusion prevention system. In this article, I’ll go over some of the first steps of installing, configuring, and running Snort so that new users have a place to branch off of....

2023-05-02 · 5 min · Ally Petitt

Restoring Files in /usr/include

Hi guys, I made a mistake. In my frustration trying to debug my C program, I inadvertently deleted all the files within my /usr/include folder. I didn’t realize at the time that this was a very important folder! As explained here, it stores the Linux kernel’s libc header files! Rookie mistake, but luckily for us, there are ways to fix it. If your /usr/include folder is also looking more empty than the shelves during COVID, I come bearing the solution....

2023-04-13 · 2 min · Ally Petitt

How to Create and Deploy Your Own Cloud Server with NextCloud

Why Create a Cloud Server? As many security-conscious people are aware, saving something in the cloud really means saving it on somebody else’s computer. When using cloud services, you don’t own the data that you upload, nor do you own the program that you’re using. Additionally, it is within the cloud service provider’s rights to delete your data or remove your access to it if they had technical issues, went bankrupt, or you missed a bill....

2023-04-09 · 5 min · Ally Petitt

Practical Demonstration: DNS Spoofing + Home Lab

DNS Cache Poisoning on Home Lab Walkthrough Overview In this article, I will be walking you through a common method of implementing DNS cache poisoning on a network. I’ll illustrate my process with screenshots, commands, and explanations. You are welcome to follow along and gain hands-on experience with DNS spoofing to further reinforce the knowledge that you already have. Intended Audience This is intended for a more technical audience. If you’re a beginner, I recommend looking for a more comprehensive tutorial to walk you through all the terminology and commands....

2023-03-28 · 5 min · Ally Petitt

Pentester’s Guide to Performing File Transfers

Foreword To avoid detection, it is best to use tools that are native to the victim’s computer. FTP with Windows Host While having a shell on the Windows machine, start an FTP server on your host machine. Follow these steps if you don’t already have FTP server installed:

    sudo apt-get install vsftpd
    sudo service vsftpd start
    service vsftpd status #status should be active

To check if your server is working, type ftp localhost....

2022-06-08 · 3 min · Ally Petitt

Antivirus Evasion: What it is and How to do it

How Does Antivirus Software Actually Work? Antivirus software acts as a defense from trojans, viruses, ransomware, spyware, adware, and much more. There are 3 main ways that it detects malware: signature-based detection, heuristic-based detection, and anomaly-based detection. Signature-Based Detection The scanner will search for specific strings in a program and check for them in a database of known viruses. The strings are often the payload of the malicious code. If the signatures match, the activity is flagged as suspicious....

2022-05-30 · 3 min · Ally Petitt

Mustacchio Walkthrough | Try Hack Me | Ally Petitt

Introduction Hey everyone! This is a write-up of how I was able to pwn the Mustacchio machine. I hope you enjoy! Notes: This was done on a Kali Linux machine, so the commands might be slightly different if you are on Windows. Enumeration To begin, I scanned for open ports using RustScan. RustScan, for those who have never heard of it, is essentially a much faster version of Nmap. You can use Nmap if you prefer....

2022-02-18 · 6 min · Ally Petitt