While working on an assignment I came across a couple of interesting python concepts that I thought I'd share with all of my millions of (imaginary) readers. I won't go into too much, because really this is just for me, but I'll give a brief overview on how I think about it (cause frankly I … Continue reading Some Sneaky Python →

Assignment 1 for webapps was mostly recon with a little sqli. For the sqli it was pretty much just throwing and or True style into the login to get the first flag, and then the second was the same but into the cookie, which is something not often though of. As for the recon component, … Continue reading Assignment 1 Writeup →

I know, I know, that is the coolest name ever. While doing assignment 1 for webapp security (which I'll post a write up of at some point next week, well after the due date), I discovered that there was no useful tool, that worked out of the box, to spider a domain and scrape all … Continue reading Project Spiderforce →

Let's look at the next two key pieces of the cyber security education triangle (tm). Firstly, courses need to be pragmatic, that is, practical and grounded in the real world. In the same lecture the lecturer assumed we needed to be taught about truth tables, while at the same time know about some obscure vulnerability … Continue reading Systematic and Pragmatic →

I've done it. I've found what's missing from cyber security education. I have the triangle that all trashy systems have (no offense if your trashy system has a triangle). Get ready. I present to you the cyber security education triangle (aptly named if I do say so myself). *insert picture* The three key points, I … Continue reading Cyber Security Education →

Just an update on how all things wendigo are going. I've been pretty busy/away recently so I've had a bit of a break from code/blogging, but I'm back. The highlights are: - Emailing a random from GitHub to ask about their code, I was writing a cryptomining wendigo module (which is currently just wishful thinking, … Continue reading Putting that degree to good use →

Every security blog needs at least one post with the old cliched stack smashing title. No offense to those bloggers who take themselves too seriously. This week I put together a key logging module for wendigo, as the title suggests. I used the pyHook module, which is unfortunately windows only (but at some point I … Continue reading Key logging for fun and keystrokes →

A little while ago I read both Gray Hat Python and Black Hat python by Justin Seitz. Both were fantastic. I found Gray Hat Python to be a little more "advanced" in that it went into topics such as debugging (and how debuggers worked and what could be done with them), as well as hooking … Continue reading Black Hat Python →

After a few days trying to get this working I finally got it. I created a wendigo module that can import python packages. The original scripts remote import functionality could pull single files from GitHub and import them, but with the design intention that they had been designed to be modular code pieces, and not … Continue reading GitHub package imports →

Today I finished Advanced Penetration Testing by Wil Allsopp. I don't know what quantifies the term "advanced" when it comes to security, but I do see difficulty ratings on a lot security things, I think I'll just leave it. The heart of the book was about emulating an advanced persistent threat, or APT, which is … Continue reading Advanced Penetration Testing →