RSS.Social

Hackerman's Hacking Tutorials

Posts

AI-Native SARIF

WTF is ... - AI-Native SAST?

So You Wanna Use Your Own LLMs in GitHub Copilot Chat

Kusto Detective Agency: Echoes of Deception - 0-8 Solves

How Burp AI Works

Kusto-Mice: Optimizing Kusto joins

Steam's 'Open in Desktop' Button

Knee Deep in tree-sitter CST

Knee Deep in tree-sitter Queries

A Few Fun Semgrep Experiments

Some SANS Holiday Hack 2023 Solutions

Semgrep's Experimental Rule Syntax

Some SANS Holiday Hack 2022 Solutions

YAML Wrangling with Rust

Code Review Hot Spots with Semgrep

Security Nightmares of Game Package Managers

Some SANS Holiday Hack 2021 Solutions

RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit

A Hands-On Intro to Semgrep's Autofix

Modify GitLab Repositories from the CI Pipeline

Attack Surface Analysis - Part 3 - Resurrected Code Execution

The Thick Client Vulns That Weren't

Semgrep: The Surgical Static Analysis Tool

The JavaScript Bridge in Modern Desktop Applications

Public Remote File Share in The Cloud

Testing Extensions in Chromium Browsers - Nordpass

Attack Surface Analysis - Part 2 - Custom Protocol Handlers

Automagically Deploying Websites with Custom Domains to GitHub Pages

Some SANS Holiday Hack 2020 Solutions

Attack Surface Analysis - Part 1 - Application Update: 'A Novel Way to Bypass Executable Signature Checks with Electron'

The $15000 PlayStation Bounty

Customizing Python's SimpleHTTPServer

The Same-Origin Policy Gone Wild

localghost: Escaping the Browser Sandbox Without 0-Days

No, You Are Not Getting a CVE for That

Thick Client Proxying - Part 11 - GOG Galaxy and Extract-SNI

Go Slices and Their Oddities

Thick Client Proxying - Part 10 - The hosts File

Towards a Quieter Burp History

The Encrypted Logz - Some Simple Reverse Engineering

The Golang int and the Overlooked Bug

Time Management For Systems Administrators - Lessons Learned

Old ContextIS Challenge Solutions

Documentation Writing for System Administrators - Notes

Some SANS Holiday Hack 2019 Solutions

Using Mozilla Rhino to Run JavaScript in Java

Developing and Debugging Java Burp Extensions with Visual Studio Code

Swing in Python Burp Extensions - Part 3 - Tips and Tricks

Swing in Python Burp Extensions - Part 2 - NetBeans and TableModels

Swing in Python Burp Extensions - Part 1

Quality of Life Tips and Tricks - Burp Suite

Disabling Cascade Fan's Beep

Chaining Three Bugs to Get RCE in Microsoft AttackSurfaceAnalyzer

Thick Client Proxying - Part 9 - The Windows DNS Cache

Disabling Burp's Update Screen - Part 1 - Analysis and Failures

The Dark Side of "Manual Work is a Bug"

Hiding OPTIONS - An Adventure in Dealing with Burp Proxy in an Extension

path.Join Considered Harmful

Cheating at Moonlighter - Part 4 - Defense

Cheating at Moonlighter - Part 3 - Enabling Debug HUD

Cheating at Moonlighter - Part 2 - Changing Game Logic with dnSpy

Cheating at Moonlighter - Part 1 - Save File

Notes on Escaping Python Shells

SANS Holiday Hack Challenge 2018 Solutions

Cloudflare Concise Christmas Cryptography Challenges 2019 Solutions

Cryptography in Python Burp Extensions

AES-CFB128: PyCrypto vs. Go

Python Utility Modules for Burp Extensions

Tiredful API - Part 2 - Comparing Site Maps with Burp

Tiredful API - Part 1 - Burp Session Validation with Macros

Cheap Integrity Checks with HEAD

Pointers Inside for

filepath.Ext Notes

Windows Filetime Timestamps and Byte Wrangling with Go

Blackfriday's Parser and Generating graphs with gographviz

DEF CON 26 - Tineola - Youtube Video

Gophercises - Lessons Learned

Reflections on "Manual Work is a Bug"

Tineola: Taking a Bite out of Enterprise Blockchain

DVTA - Part 5 - Client-side Storage and DLL Hijacking

Committing Insurance Fraud with Tineola

DVTA - Part 4 - Traffic Tampering with dnSpy

DVTA - Part 3 - Network Recon

DVTA - Part 2 - Cert Pinning and Login Button

DVTA - Part 1 - Setup

Istanbul Tips and Tricks

ContextIS xmas CTF Writeup

On Username Enumeration

Learning Go-Fuzz 2: goexif2

Learning Go-Fuzz 1: iprange

Semi-Automated Cloning: Pain-Free Knowledge Base Creation

Deploying my Knowledge Base at parsiya.io to S3 with Travis CI

Adding Custom Chroma Styles to Hugo Themes

Blockchain Security Talk at NoVA Hackers

The Great Hiatus

Extracting PNG Chunks with Go

CAP Theorem and Credit Cards

Byzantine Generals' Problem

Byzantine Fault Tolerance and the Telephone Game

Notes from NISTIR 8202 - Blockchain Technology Overview January 2018 Draft

VirtualBox Live State File Format

Mounting Live Snapshots of Encrypted VMs in VirtualBox

Decoding Large Base64 Files with Go

Simple SSH Harvester in Go

Windows XP 32-bit SP3 Virtual Machines

Go and pcaps

"Hacking" Car Mechanic Simulator 2015

cmd Startup Commands

WinAppDbg - Part 4 - Bruteforcing FlareOn 2017 - Challenge 3

WinAppDbg - Part 3 - Manipulating Function Calls

WinAppDbg - Part 2 - Function Hooking and Others

WinAppDbg - Part 1 - Basics

Silly Attack Using Run Line

Run Line vs. cmd vs. PowerShell

Thick Client Proxying - Part 8 - Notes on Proxying Windows Services

Thick Client Proxying - Part 7 - Proxying .NET Applications via Config File

Razer Comms

TLDR: Base64

From Atom to Sublime Text

The Great Hiatus

Thick Client Proxying - Part 6: How HTTP(s) Proxies Work

Gynvael Coldwind - Garage4Hackers - Notes from March 2014

Windows Netsh Interface Portproxy

Go Notes

Learning Go

Thick Client Proxying - Part 5: FileHippo App Manager or the Bloated Hippo

Looking for Apps to Proxy

Cloudfront and TLS

Thick Client Proxying - Part 4: Burp in Proxy Chains

Hugo Octopress Update

Thick Client Proxying - Part 3: Burp Options and Extender

Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More

Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners

Cheat Sheet

Installing Burp Certificate Authority in Windows Certificate Store

Archive Page in Hugo

From Octopress to Hugo

Why Hugo?

Intro to .NET Remoting for Hackers

Proxying Hipchat Part 3: SSL Added and Removed Here :^)

Proxying Hipchat Part 2: So You Think You Can Use Burp?

Proxying Hipchat Part 1: Where did the Traffic Go?

Network Traffic Attribution on Windows

Image Popup and Octopress

Tales from the Crypt(o) - Leaking AES Keys

Pin Adventures - Chapter 1 - PinSolver Mk1

Building memfetch on Kali + Comments

My Adventure with Fireeye FLARE Challenge

Malware Adventure

Fireeye's FLARE Challenge

Apple's Common Crypto Library Defaults to a Zero IV if One is not Provided

Piping SSL/TLS Traffic from SoapUI to Burp

Pasting Shellcode in GDB using Python

Amazon S3 and CSS

Now hosted on Amazon S3

How do I TLS Ciphersuite?

Microsoft Bluehat Challenges

Snow Crash and Malware

Update Inc

MarkDown and Cookie Clicker

Hello Octopress

Who is this guy?

All Posts

License