It has been a while since I did a CTF so i decided to dive into one and I selected the Bulldog CTF created by Nick Frichette, you can find it here,211/. It was a great exercise that helped remind me of some basic things to check when doing pen tests or CTFs. I […]

Due to the positive response I got on my previous write up, I figured I’d keep the ball rolling and do another. Thank you to everyone who shared the last post, and I hope that you find this write up just as enjoyable. Tutorial Mode Server Side Request Forgery (SSRF) is just a fun bug […]

Ignoring that fact that I’m less than consistent with my blog posts, you’d think that I’d do a bug bounty write up at some point. I recently reached the top 100 on Bugcrowd and I’ve spent some time on other self managed programs. Well, the time has finally come. I participated in an invite-only program […]

Star Wars fans, let’s be honest here.  All of us at one point or another dreamed of being Boba Fett.  Who doesn’t want a jet pack, a blaster rifle/flame thrower, and an awesome back story?  Not to mention, an inherently bad-ass job.   Even 9 year old Matt was flying his mini version of the […]

I left college with a decent amount of programming experience, mostly in Java, but never really had an opportunity to actually use it.  Sure, I had an <sarcasm>absolute blast</sarcasm> creating everything from calculators, to red-black trees, to web servers while at school, but I was never really able to apply it to something I found […]

The security community has a lot of perks, low unemployment, lots of excitement, new challenges every day, and an endless supply of things to learn. However not everyone likes what we do and not everyone likes to listen to us, ever. There are so many bugs out there that a large amount of us like […]

Jeremy Brown gave an awesome presentation at DEFCON 18 about Exploiting SCADA systems. That was almost 7 years ago. Several other industry professionals including my self have given presentations on defending, security, and exploiting these systems. They are all posted online and you can access them for free. All of these talks highlight a common […]

  Defense in Depth, conceptually, is described in such a way that layered security increases the security of a system as a whole. In the event where one system is compromised, other mechanisms provide the necessary security to protect the system. It is the antithesis of a singular point of failure, and actively avoids this […]

Human nature is amazing. I can tell you that there are a million stars in the sky and you will believe me. I can tell you that the paint on the wall is wet, and 8 out of 10 people will touch it to make sure. Social engineering and phishing email scams are part of […]

In Greek Mythology, Thanatos was a minor figure and daemon personification of death. He always had a strained relationship with the man at the top, Zeus. In the Malware world, Zeus is about to be overthrown. In 2014, the FBI and UK NCA (National Crime Agency) spent exhaustive resources taking down two of the world’s […]