#throwback to a couple of semesters ago. I have an assignment that was pretty much free reign, it just had to be remotely security related, and I decided to write a perl script that solves mono-alphabetic substitution ciphers in most European languages (it's on my GitHub). You know, the ones where each letter is replaced … Continue reading Cipher Decoder →

Now that things are looking pretty close if not finished (the framework that is), I've been working on scripts to generate obfuscated versions of wendigo, as well as some other helper scripts to make things easy to use. Pending a last testing round with everything in place everything should be working. The main generation script … Continue reading Generation Scripts →

I recently finished the third iteration of The Hacker Playbook by Peter Kim. Having read the second edition a little while ago I was slightly disappointed. I found it to be a little rushed and sloppy compared to the previous edition. It stayed true to the name of a tips and tools book (without too … Continue reading The Hacker Playbook →

Tested the upload encryption and the the module/config file decryption and everything is working correctly. This testing lead me to create some scripts to generate key pairs and encrypt/ upload module files. I'm currently in the process of updating those scripts to be more general purpose and have option parsing capability with the argparse library. … Continue reading Wendigo Update →

I had always been interested in security, even before I got into programming. I was that kid in high school that would hack your wifi instead of asking for the password (ah, the days of WEP). So, after a break from uni I decided that when I went back I was going to change majors … Continue reading Where it all began →

Wendigo is now in a pretty good place and everything I've tested is in good working order. (Yet to test any encryption or generally pushing to GitHub, but that's easy enough.) Although my perfectionism is being triggered because there's always something I could tune (even if there's not), I've decided to move onto writing a … Continue reading Obfuscation →

My current project is wendigo, a malware framework written in python, which uses GitHub for C2. The inspiration was taken from Black Hat Python by Justin Seitz, which featured an example skeleton and the main concepts that are used. I've taken some of the design and the basic ideas, but have rewritten almost all of … Continue reading The Wendigo Framework →

This week, after a long and arduous battle, I finally finished the Web Application Hackers Handbook. And let me tell you, it wasn't giving up without a fight. This was definitely one of the longest and driest books I have ever laid my eyes on. 800 pages of pure textbook. It was glorious. Now, that … Continue reading The Webapp Hackers Handbook →

As the saying goes, the best time to start a portfolio blog is a couple of years ago, but the second best time is now. Or was that about trees? Either way, here we are. This is the blog I should already have. And in the spirit of making up for lost time I'll be … Continue reading The Second Best Time →