Introducing Dumpscan

A convenient tool for extracting secrets from memory dumps

Dumping RSA Certificates with Volatility (Part 2)

Writing a Volatility plugin to extract private keys

Dumping RSA Certificates with Volatility (Part 1)

Writing a Volatility plugin to extract RSA certificates

[picoCTF] 2022 Reverse Engineering Walkthrough

[picoCTF] Beginner picoMini 2022 Walkthrough

Bypassing Python3.8 Audit Hooks

First of all, if you think you’re being cool and edgy by still using Python2.7, I’m gonna need you to unthink that ASAP. Python2.7 is reaching end-of-life very soon and we should all be moving on up…to the 3 side…and finally get async with that Py. That joke might go over a lot of heads. Anyway, this post is likely to be the first in a multi-part series of talking about a new feature that is coming in Python 3....

BeaconGraph v0.69 Released

Why from v0.2 to v0.69? Cause I’m immature AF and it probably made you want to read this blog post. Back in October 2018, I released a tool called BeaconGraph after attending the SANS SEC617: Wireless Penetration Testing and Ethical Hacking course taught by James Vidal. I released a PoC of BeaconGraph after I realized that airgraph-ng could use a more modern look. However, that version of BeaconGraph was not very user-friendly, as it was more of a Proof-of-Concept than a usuable tool....

Bug Bounty Adventures: This Is the Wrong Porn!

I haven’t had much luck with bug bounties. At the time of writing, all of my submissions except one have been duplicates, which can be really demotivating. But instead of giving up, I decided to shift my focus over to learning how to analyze mobile applications, particularly Android APKs. Since then, I’ve glanced through a number of APKs while looking for low hanging fruit. With only a minor understanding of the mobile world, I looked through previously disclosed bounties in order to see what kind of things I should be looking for....

BlackPlanet: Why Proper SSL Implementation Matters

UPDATE: A few hours after writing this post, BlackPlanet correctly implemented HTTPS redirects on their site! While it likely had nothing to do with this blog, it’s great to see they are taking a more serious approach to security. There’s no doubt that there’s been an increase of demand on companies and websites to ensure that user data is protected from end-to-end. This includes both transmission and storage of data, particularly sensitive information such as passwords....

Pentesting With IronPython

After digging into IronPython more with the intent to create more modules for SILENTTRINITY, I decided I would release some of the other tools I’ve been working on. As Python is more my speed than C# and PowerShell currently are, I decided I would get more practice learning my way around the .NET Framework by converting C#/PowerShell scripts into IronPython to determine the limits of the language, if any. The best part is that since these tools primarily use the ....