Tutorial

Introduction Hello everyone and welcome to the first exclusive post on my new personal website! I am very excited to be here and I hope that you are as well. The picture above is a bit dramatic, but communicates the message that I have decided to move forward. Those who have been following me will know that I first began my technical blog on Medium, which was an approachable outlet for sharing my knowledge as I first entered the field....

https://images.pexels.com/photos/374559/pexels-photo-374559.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1 Introduction Whitebox penetration testing can be intimidating. Complex web applications may contain hundreds of thousands of lines of code and deciphering the connection between the various web components and their numerous implementations is challenging. A powerful, yet simple technique to approach the code review of such an application is to break it into manageable pieces. In this article, I will be outlining a methodology that can be used to break down large web applications, such as Content Management Systems (CMSs) into manageable components that can be systematically analyzed for vulnerabilities or logic errors....

Introduction This article is a walkthrough that demonstrates the solution to a particular situation that computer owners may encounter when updating their system. For readers who do not fit into the scenario listed below, this is also a great article for familiarizing yourself with the practical application of logical volume manager (LVM). Otherwise, feel free to modify your approach as works best with your scenario. Scenario: You have a hard drive with all your files on it that uses physical partitions....

Computer Forensics for File Recovery https://edgy.app/wp-content/uploads/2018/04/dataleakhackerGorodenkoff-970x546.jpg Introduction When a file is “deleted”, its contents aren’t typically erased from the storage device that it was stored on. More often than not, the blocks that stored the file are marked as unallocated and the filesystem pointers are removed from it. The implication is that the file still exists on the disk until it is overwritten. There are many methods to recovering the raw, unallocated data....

Introduction Hey everyone, this is a pretty quick article on LUKS drive encryption on Linux with the cryptsetup library. By following the steps outlined here, you will be able to encrypt a drive, decrypt it, and mount it. This was done in a Kali Linux VM and commands may vary for other distributions. Disclaimer: This is not an area that I have much experience in so if details are inaccurate, I apologize in advance....

Introduction Snort is an open source Intrusion Prevention System (IPS) that detects malicious network traffic by comparing the network packets to a set of rules, often created by Snort and the community. Snort can be used as a packet sniffer, packet logger, and intrusion prevention system. In this article, I’ll go over some of the first steps of installing, configuring, and running Snort so that new users have a place to branch off of....

Hi guys, I made a mistake. In my frustration trying to debug my C program, I inadvertently deleted all the files within my /usr/include folder. I didn’t realize at the time that this was a very important folder! As explained here, it stores the Linux kernel’s libc header files! Rookie mistake, but luckily for us, there’s ways to fix it. If your /usr/include folder is also looking more empty than the shelves during COVID, I come bearing the solution....

Why Create a Cloud Server? As many security-conscious people are aware, saving something in the cloud really means saving it on somebody else’s computer. When using cloud services, you don’t own the data that you upload, nor do you own the program that you’re using. Additionally, it is within the cloud service provider’s rights to delete your data or remove your access to it if they had technical issues, went bankrupt, or you missed a bill....

DNS Cache Poisoning on Home Lab Walkthrough https://www.okta.com/sites/default/files/media/image/2021-04/DNSPoisoning.png Overview In this article, I will be walking you through a common method of implementing DNS cache poisoning on a network. I’ll illustrate my process with screenshots, commands, and explanations. You are welcome to follow along and gain hands-on experience with DNS spoofing to further reinforce the knowledge that you already have. Intended Audience This is intended for a more technical audience. If you’re a beginner, I recommend looking for a more comprehensive tutorial to walk you through all the terminology and commands....

Foreword To avoid detection, it is best to use tools that are native to the victim’s computer. FTP with Windows Host While having a shell on the Windows machine, start an FTP server on your host machine. Follow these steps if you don’t already have FTP server installed: sudo apt-get install vsftpd sudo service vsftpd start service vsftpd status #status should be active To check if your server is working, type ftp localhost....

How Does Antivirus Software Actually Work? Antivirus software acts as a defense from trojans, viruses, ransomware, spyware, adware, and much more. There are 3 main ways that it detects malware: signature-based detection, heuristic-based detection, and anomaly-based detection. Signature-Based Detection The scanner will search for specific strings in a program and check for them in a database of known viruses. The strings are often the payload of the malicious code. If the signatures match, the activity is flagged for suspicious activity....

Introduction Hey everyone! This is a write-up of how I was able to pwn the Mustacchio machine. I hope you enjoy! Notes: This was done on a Kali Linux machine so the commands might be slightly different if you are on Windows Enumeration To begin, I scanned for open ports using RustScan. RustScan, for those who have never heard of it, is essentially a much faster version of Nmap. You can use Nmap if you prefer....