Posts

  • Building a Data-driven AppSec Programme with Kiln

    This post is based on a talk I gave at BSides Leeds 2020 on an open source security tooling project I’ve been working on called Kiln.

  • HackTheBox - Writeup

    The Writeup box on Hack The Box retired a while ago, but I’m only just getting around to publishing a writeup on my experience rooting this fun and interesting box. It’s one of the first boxes I’ve completed on Hack The Box and although it’s rated ‘Easy’, I learned a lot!

  • HackTheBox: Bastion Writeup

    This is a writeup for the “Bastion” box on HackTheBox that retired a little while ago. This was my first time targeting a Windows machine, so while I spent a while figuring out what to do, I learned a lot in the process!

  • First Steps with Embedded Rust: Part 1

    Earlier this year I went to SecuriTay, an awesome security conference hosted by the Ethical Hacking Society at Abertay University in Dundee (big shout out to Abertay Hackers, they put on an awesome conference!). Of the talks I saw, two in particular stood out: Hardware Isn’t Hard by Graham Sutherland (@gsuberland) (Full disclosure, Graham is a good friend of mine, so I might be a tad biased!) and 7 Hardware Hacks for 7GBP by Joe Fitzpatrick (@securelyfitz). I’ve been interested in learning how hardware works and how to develop software for embedded platforms for a while, but these two talks made it look relatively easy to get started. Bear in mind, at this point I didn’t even know how to solder!

  • Boot To Root Walkthrough - Zico2

    As part of an effort to learn more about security, I’ve decided to start working on Boot2Root VMs from VulnHub. I’ve always felt that documenting the steps you have taken to achieve something and then writing those notes up into something that past you would have appreciated as a learning resource is a great way of clarifying your knowledge and also honing your technical writing skills. As this is primarily a personal learning exercise, I will also be documenting the main things I have learned by tackling each VM.

  • Building a Certificate Authority in Rust - Part 1

    In this post, I’m going to be exploring the core functionality of the Certificate Authority (which I’m going to be calling Quicklime), explaining what I’m planning on using as a central data store and what questions I don’t yet have answers to. If you’ve not already done so, I suggest reading the first part of this series, where I describe why I want to build a Certificate Authority in the first place and the basic functionality I want to implement.

  • Building a Certificate Authority in Rust - Part 0

    Recently, I’ve been playing with Rust and the Rocket crate to simultaneously learn some more Rust and also because I find working with HTTP services interesting. After spending a bit of time getting a Hello World running, I tried expanding it with a route that accepts a POST request with a JSON array of numbers and returns the sum of that array. I was struggling with getting Serde to work with a list of i32s, turns out I was using a slice when I should have been using a Vec. But once I’d got that figured out, I started thinking about what I could build that would be both non-trivial and that I would find interesting.

  • Digging Into Password Storage in DotNetNuke

    On 31st of May I received an email from Scrum.org notifying me that they suffered a data breach on or before the 26th May. I’ve included the important part of the breach notification email below.