A Note on Hacktoberfest, and EZShellz Hacktoberfest is a really cool event, but people are kind of ruining it by creating spammy PRs in the name of receiving a free shirt [https://joel.net/how-one-guy-ruined-hacktoberfest2020-drama]. It kind of sucks, because it's supposed to be a really cool event in which people get to learn
hacktoberfest Hacktoberfest Signed up for Hacktoberfest again this year. It's good stuff. Last year, I got a free shirt after submitting some pull requests for my TacoBot Twitter Bot. It was pretty cool. I haven't kept up with poor TacoBot, but he's still kind of around
fitness I'm Back. Also, Exercise is Good! Hey, all. I'm back. I was away for a good while because I've been having some crazy shoulder pains from extended hours on the keyboard. I later learned that it's something called Mouse Shoulder [https://leamington-osteopaths.co.uk/portfolio/mouse-shoulder/]. At least, that'
hackthebox Hack the Box - Magic I thought I'd try something kind of new with this. I'm going to put together the write up that covers how I solved it on my own. Then I'm going to post some links to write ups that solved it in some notable different
sql Port Swigger's Web Security Academy is Good Stuff One of my current weak points (and there are many) is SQL injection. I just can't quite pull them off yet. Sure, I know the basics like or '1'='1' stuff. Even then, it's a bit rocky for me. It's
hackthebox Hack the Box Walkthrough - Traceback Traceback is an easy box on Hack the Box. The premise is that it got pwned and the attacker left a back door for us to use. It was retired this week, so now I can write about it. Of course the first thing we do is run Nmap. Here
ssh Watching this today Watching this and taking some notes. Maybe I'll learn a new thing or two. I'm always working on my skills with SSH tunnelz. Read a bit about my journey through tunnelz here: https://danielxblack.ghost.io/cyber-plumbers-handbook-thoughts/
OSCP Learned something new about reverse shells this weekend I've been working on more Windows boxes lately as part of my OSCP preparation. It's no secret to any of my friends who know me personally that I'm not a big fan of working on Windows. Tough luck. Have to learn. Anyway, Windows doesn
OSCP As I work towards my OSCP I've been working on my OSCP for some time. I just never feel quite ready. I've been pwning more and more machines on Hack the Box. Things are making much more sense, and it's coming together better than it did before. That said, I
CTF Bypassing File Upload Restrictions with Magic Byte and a Hex Editor This is a pretty cool, but easy, trick I learned today when working on a challenge. We've talked a bit about Magic Byte in the past when we did Networked on HTB [https://danielxblack.ghost.io/hack-the-box-networked/]. Basically, it's a string that indicates a file type.
OSCP Cool new trick I learned to transfer files to Windows boxes My buddy Julian and I are both on the road to OSCP. We've been setting up study sessions where we attack boxes from TJ Null's list of OSCP-like boxes [https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#]. It's a live list that
nmap Nmap is Cool - TCP SYN scans Back when I was first learning about Information Technology (IT in a general sense, not infosec), and had absolutely no idea what I was doing (as if I do now) is when I first discovered Nmap. Pretty cool utility, but I actually had no idea what it was doing or
reading Currently Reading - Web Security for Developers Web Security for Developers by Malcolm McDonald from No Starch Press [https://nostarch.com/websecurity]. I picked up this book, because it looked pretty cool. I'm not a web developer, but I like to know what it looks like when a web developer makes a mistake. Currently, I
OSCP Thoughts as I work through some studies I've been cracking away at studying for the OSCP certification. It's taken quite a bit of my time, but I want to accomplish it. I've also been sitting on the eLearn Security eCPPT course. It's good content, but I'm more
hackthebox Hack the Box - OpenAdmin OpenAdmin was one of my favorite boxes. It's actually not very difficult, but it has just enough to force you to look around a bit. I enjoyed it because I felt like nothing was really guesswork. Everything I needed was presented to me on the box and in
hackthebox Hack the Box - Sense This is actually one of my least favorite boxes. The wordlist I had to use to have any idea of what to do next was obnoxiously long. After you get past that hurdle, it's pretty much instaroot from there. That said, I try to find value in everything.
hackthebox Hack the Box - Bashed Bashed is a pretty easy box. It sets you up for an easy win and gives you a really cool tool I've used quite a few times for gaining web shells, like the one I used in Networked [https://danielxblack.ghost.io/hack-the-box-networked/]. It's called phpbash,
infosec Aliases. Because I'm a lazy bugger. It may seem ironic given that I spend all day on a computer. If I'm not working doing things on a computer, I'm working doing things on a computer. Despite that, I am actually pretty lazy when it comes to typing. I hate typing any more
vulnerabilities CVE-2020-5902 Sadly, this vulnerability doesn't have a cool logo and a theme song. Just some POCs. Yeah, at this point, we've all heard about CVE-2020-5902 related to F5 Networks' BIG-IP. Which, to my knowledge is a load balancer [https://www.f5.com/services/resources/glossary/load-balancer#
impostor syndrome On Impostor syndrome Impostor syndrome is that crappy feeling you get when you convince yourself that you are stupid and have no idea how you got where you are. You feel like a big fake that will soon get discovered for being a big fake. It's a feeling of total defeat.
Raspbian Finding Raspberry Pi Webservers with Shodan Something I like doing every once in a while when bored, is searching Shodan for Raspberry Pi webservers. It's kind of cool, because a lot of these are just regular folks hosting a web server on a Raspberry Pi with whatever the heck they felt like throwing on
TCP vs UDP Going back to the times when I first started learning about information technology and networking, I have to say, I was pretty clueless. That's not to say I'm full of knowledge today, but my past self would definitely think I know something. I guess I can
tacos Favorite Taco Bell order? I know I call this blog and my site, Tacos and Security. (Or Tacos n' Security, whichever I feel like typing at the time.) It's because I like tacos. A lot. Sure, judge me for liking Taco Bell. I won't care. Anyway, I thought I