Tags

cybersecurity

Damn Vulnerable Web Application v1.10 Virtual Machine

  • 1 min read

The latest binary release for Damn Vulnerable Web Application is an ISO of the 1.0.7 version. It was released almost ten years ago in 2010. And the way to install a newer version is quite a lengthy process, so I decided to release this virtual machine with everything already set up.


Unknowndevice64 writeup

  • 4 min read

This is a short and fun machine available on VulnHub. The machine has no outdated, vulnerable software, but is set up as a fun CTF challenge with a few intentional configuration mistakes you’re supposed to exploit to get a root shell.


bWAPP writeup

  • 5 min read

bWAPP is a PHP application specifically designed to be exploited. It contains many bugs and vulnerabilities, and allows you to select the security level, similar to the well known Damn Vulnerable Web Application. You can download it here.


Kuya 1 writeup

  • 8 min read

This is a relatively easy to crack machine. Let’s start with the basics: Reconnaissance.


The five phases of ethical hacking

  • 1 min read

An Ethical Hacker is someone who specialises in computer security through what’s known as “Penetration Testing”, a series of exercises carried out against computer systems to spot vulnerabilities and weaknesses.


Post-Exploitation: spawning a shell

  • 3 min read

Once you have gained shell access on a machine, you will often find the prompt extremely limited, especially if you have used manual exploitation. In these cases, the shell often cannot perform basic tasks that you would expect from a fully interactive shell prompt like Bash, or zsh. You will also be unable to run intensive interactive commands such as the Vim text editor, or ncurses-based programs.


What Apple’s T2 chip means for the security of Macs

  • 4 min read

An article by Mac Rumors was recently published, revealing that Apple had designed a component which, according to an Apple document, would “result in an inoperative system” in the event a hardware replacement or repair was performed without running a proprietary diagnostics solution afterwards.


The fun begins: HackTheBox.eu

  • 1 min read

It’s been a while since I joined https://www.hackthebox.eu/. Probably more than a year. And I haven’t really had the time to spend trying to break into the machines, because of my university studies, but now summer is coming, so I will be able to dedicate more resources to it.


Static analysis tools for Windows

  • 2 min read

I’m currently studying malware analysis, so I wanted to write a post on the tools I’ve been using recently, to serve as a reference for me and hopefully for anyone interested in binary reversing.


tip

Breaking bad habits thanks to dark patterns

  • 6 min read

Most digital products and services are optimised to generate as much revenue as possible. An app will only generate revenue for the creator for as long as you keep actively engaging with it. Therefore, one of the most important digital metrics is what’s called “user retention”. This is the percentage of users that return to the app in a specific timeframe.


SSH tunnelling

  • 2 min read

Quick reference guide to use when you need to use OpenSSH’s various tunnelling features.


Docker cleanup commands

  • 2 min read

It is important that from time to time, machines running Docker are cleaned because otherwise, Docker leftovers will start piling up and eating precious storage space.


Push notifications for Linux logins

  • 4 min read

An easy walkthrough on enabling instant push notifications for logins and logouts on a Linux system with Pushover. You will need a Pushover account. Pushover is a proprietary service for smartphones, with a one-time purchase application which includes a generous free quota (I have never surpassed the “free” limits for any of my personal projects, and I sometimes receive more than 20 notifications per day). Register for a free account here.


Automating Proxmox with Ansible

  • 4 min read

Ansible is an automation platform for managing machines. When combined with Proxmox, it becomes a ridiculously powerful tool to orchestrate virtual datacenters.


Post-Exploitation: spawning a shell

  • 3 min read

Once you have gained shell access on a machine, you will often find the prompt extremely limited, especially if you have used manual exploitation. In these cases, the shell often cannot perform basic tasks that you would expect from a fully interactive shell prompt like Bash, or zsh. You will also be unable to run intensive interactive commands such as the Vim text editor, or ncurses-based programs.


The DEFINITIVE guide to defeating spammers

  • 6 min read

Nowadays, spamming is a very common technique, and nobody can deny that. Spamming is so cheap that even a 10% opening rate is a tremendous success: sending e-mails doesn’t require paying fees to ISPs (like you would with mass SMSs and robocalls), and it doesn’t require hiring anyone to take the time to manually write and send e-mails (as opposed to postal spam, which has to be physically delivered into mailboxes by people). You can just buy e-mail addresses in bulk from thousands of providers that sell active e-mail addresses at prices so ridiculously affordable that the barrier to entry is lowered dramatically.


Productivity

  • 17 min read

In the past, I used to struggle with my productivity: no matter how hard I seemed to study, my grades didn’t reflect it. I was quite stubborn in believing I wasn’t at fault, like some kind of genius who nobody understood, and reading quotes like this one certainly didn’t help me understand it was actually my problem. I was in denial.


opinion

Breaking bad habits thanks to dark patterns

  • 6 min read

Most digital products and services are optimised to generate as much revenue as possible. An app will only generate revenue for the creator for as long as you keep actively engaging with it. Therefore, one of the most important digital metrics is what’s called “user retention”. This is the percentage of users that return to the app in a specific timeframe.


My path into AWS: Part 1, Introduction

  • 9 min read

This will be a series of posts on the AWS recruitment process. If you wish to see a list of all the posts for this series, click here. I will try to cover everything I find relevant, but I’m open to suggestions on what to include. Let me know via Twitter!


What Apple’s T2 chip means for the security of Macs

  • 4 min read

An article by Mac Rumors was recently published, revealing that Apple had designed a component which, according to an Apple document, would “result in an inoperative system” in the event a hardware replacement or repair was performed without running a proprietary diagnostics solution afterwards.


The power of silence

  • 1 min read

I find silence to be grossly underestimated. We live in an era of permanent distraction. Companies use loud, aggressive marketing in the form of advertisements to grab your attention and get you to buy whatever it is they’re selling. Our smartphones have become distraction devices that, instead of boosting our productivity and increasing our focus, are loaded with applications that send notifications indiscriminately, connecting us to real-time events instantly.


Why I use a MacBook

  • 7 min read

In this article, I want to explain why I use a MacBook. I am convinced it is the superior desktop OS, but I also think everyone should use what suits them. In my case, that would be macOS.


Password managers

  • 4 min read

The Internet nowadays is a very messy place. Identity theft, e-mail confirmations, instant notifications, mobile devices, multiple accounts, data leaks, account dumps, service breaches, malware that steals your bank’s information, scammers, identity theft…


Don’t share Microsoft Office documents: use open formats

  • 4 min read

It’s very common, in certain situations, to share OOXML files such as .docx from Microsoft Word and .pptx from Microsoft PowerPoint. I’ve seen this happen most often in schools, universities, and educational institutions in general. I will try to explain why this is generally a bad idea.


writeup

Unknowndevice64 writeup

  • 4 min read

This is a short and fun machine available on VulnHub. The machine has no outdated, vulnerable software, but is set up as a fun CTF challenge with a few intentional configuration mistakes you’re supposed to exploit to get a root shell.


bWAPP writeup

  • 5 min read

bWAPP is a PHP application specifically designed to be exploited. It contains many bugs and vulnerabilities, and allows you to select the security level, similar to the well known Damn Vulnerable Web Application. You can download it here.


Kuya 1 writeup

  • 8 min read

This is a relatively easy to crack machine. Let’s start with the basics: Reconnaissance.


career

When the “better coding style” is the wrong style

  • 3 min read

Code is always read more than it is written or debugged. It is of the utmost importance that code is optimised for readability. And in this regard, it must be written such that the largest number of people possible can read and understand it as quickly as possible.


My path into AWS: Part 1, Introduction

  • 9 min read

This will be a series of posts on the AWS recruitment process. If you wish to see a list of all the posts for this series, click here. I will try to cover everything I find relevant, but I’m open to suggestions on what to include. Let me know via Twitter!


aws

My path into AWS: Part 1, Introduction

  • 9 min read

This will be a series of posts on the AWS recruitment process. If you wish to see a list of all the posts for this series, click here. I will try to cover everything I find relevant, but I’m open to suggestions on what to include. Let me know via Twitter!


Microsoft

Static analysis tools for Windows

  • 2 min read

I’m currently studying malware analysis, so I wanted to write a post on the tools I’ve been using recently, to serve as a reference for me and hopefully for anyone interested in binary reversing.


My favourite Visual Studio Code extensions

  • 2 min read

At first, I really disliked Electron and JS-based text editors, like Atom and VSCode, but after learning Vim, and finding many problems with my plug-ins for different languages (such as MIPS assembly, Java and VHDL), I decided to give VSCode a try, and I have been very impressed by how well Visual Studio Code works. It’s much faster than JS-based editors used to be, it has amazing community support, and I’m generally faster and more productive using it. It has fixed a lot of its shortcomings, like its speed.


Don’t share Microsoft Office documents: use open formats

  • 4 min read

It’s very common, in certain situations, to share OOXML files such as .docx from Microsoft Word and .pptx from Microsoft PowerPoint. I’ve seen this happen most often in schools, universities, and educational institutions in general. I will try to explain why this is generally a bad idea.


HackTheBox

The fun begins: HackTheBox.eu

  • 1 min read

It’s been a while since I joined https://www.hackthebox.eu/. Probably more than a year. And I haven’t really had the time to spend trying to break into the machines, because of my university studies, but now summer is coming, so I will be able to dedicate more resources to it.


productivity

When the “better coding style” is the wrong style

  • 3 min read

Code is always read more than it is written or debugged. It is of the utmost importance that code is optimised for readability. And in this regard, it must be written such that the largest number of people possible can read and understand it as quickly as possible.


Breaking bad habits thanks to dark patterns

  • 6 min read

Most digital products and services are optimised to generate as much revenue as possible. An app will only generate revenue for the creator for as long as you keep actively engaging with it. Therefore, one of the most important digital metrics is what’s called “user retention”. This is the percentage of users that return to the app in a specific timeframe.


The DEFINITIVE guide to defeating spammers

  • 6 min read

Nowadays, spamming is a very common technique, and nobody can deny that. Spamming is so cheap that even a 10% opening rate is a tremendous success: sending e-mails doesn’t require paying fees to ISPs (like you would with mass SMSs and robocalls), and it doesn’t require hiring anyone to take the time to manually write and send e-mails (as opposed to postal spam, which has to be physically delivered into mailboxes by people). You can just buy e-mail addresses in bulk from thousands of providers that sell active e-mail addresses at prices so ridiculously affordable that the barrier to entry is lowered dramatically.


hacking

Damn Vulnerable Web Application v1.10 Virtual Machine

  • 1 min read

The latest binary release for Damn Vulnerable Web Application is an ISO of the 1.0.7 version. It was released almost ten years ago in 2010. And the way to install a newer version is quite a lengthy process, so I decided to release this virtual machine with everything already set up.


The five phases of ethical hacking

  • 1 min read

An Ethical Hacker is someone who specialises in computer security through what’s known as “Penetration Testing”, a series of exercises carried out against computer systems to spot vulnerabilities and weaknesses.


Post-Exploitation: spawning a shell

  • 3 min read

Once you have gained shell access on a machine, you will often find the prompt extremely limited, especially if you have used manual exploitation. In these cases, the shell often cannot perform basic tasks that you would expect from a fully interactive shell prompt like Bash, or zsh. You will also be unable to run intensive interactive commands such as the Vim text editor, or ncurses-based programs.


VulnHub

Unknowndevice64 writeup

  • 4 min read

This is a short and fun machine available on VulnHub. The machine has no outdated, vulnerable software, but is set up as a fun CTF challenge with a few intentional configuration mistakes you’re supposed to exploit to get a root shell.


Kuya 1 writeup

  • 8 min read

This is a relatively easy to crack machine. Let’s start with the basics: Reconnaissance.


amazon

My path into AWS: Part 1, Introduction

  • 9 min read

This will be a series of posts on the AWS recruitment process. If you wish to see a list of all the posts for this series, click here. I will try to cover everything I find relevant, but I’m open to suggestions on what to include. Let me know via Twitter!


Apple

What Apple’s T2 chip means for the security of Macs

  • 4 min read

An article by Mac Rumors was recently published, revealing that Apple had designed a component which, according to an Apple document, would “result in an inoperative system” in the event a hardware replacement or repair was performed without running a proprietary diagnostics solution afterwards.


Why I use a MacBook

  • 7 min read

In this article, I want to explain why I use a MacBook. I am convinced it is the superior desktop OS, but I also think everyone should use what suits them. In my case, that would be macOS.


software-reversing

Static analysis tools for Windows

  • 2 min read

I’m currently studying malware analysis, so I wanted to write a post on the tools I’ve been using recently, to serve as a reference for me and hopefully for anyone interested in binary reversing.


Proxmox

Automating Proxmox with Ansible

  • 4 min read

Ansible is an automation platform for managing machines. When combined with Proxmox, it becomes a ridiculously powerful tool to orchestrate virtual datacenters.


system-administration

Docker cleanup commands

  • 2 min read

It is important that from time to time, machines running Docker are cleaned because otherwise, Docker leftovers will start piling up and eating precious storage space.


Push notifications for Linux logins

  • 4 min read

An easy walkthrough on enabling instant push notifications for logins and logouts on a Linux system with Pushover. You will need a Pushover account. Pushover is a proprietary service for smartphones, with a one-time purchase application which includes a generous free quota (I have never surpassed the “free” limits for any of my personal projects, and I sometimes receive more than 20 notifications per day). Register for a free account here.


Docker

Docker cleanup commands

  • 2 min read

It is important that from time to time, machines running Docker are cleaned because otherwise, Docker leftovers will start piling up and eating precious storage space.


aws-path-series

My path into AWS: Part 1, Introduction

  • 9 min read

This will be a series of posts on the AWS recruitment process. If you wish to see a list of all the posts for this series, click here. I will try to cover everything I find relevant, but I’m open to suggestions on what to include. Let me know via Twitter!


leadership

When the “better coding style” is the wrong style

  • 3 min read

Code is always read more than it is written or debugged. It is of the utmost importance that code is optimised for readability. And in this regard, it must be written such that the largest number of people possible can read and understand it as quickly as possible.


software-development

My favourite Visual Studio Code extensions

  • 2 min read

At first, I really disliked Electron and JS-based text editors, like Atom and VSCode, but after learning Vim, and finding many problems with my plug-ins for different languages (such as MIPS assembly, Java and VHDL), I decided to give VSCode a try, and I have been very impressed by how well Visual Studio Code works. It’s much faster than JS-based editors used to be, it has amazing community support, and I’m generally faster and more productive using it. It has fixed a lot of its shortcomings, like its speed.


static-analysis

Static analysis tools for Windows

  • 2 min read

I’m currently studying malware analysis, so I wanted to write a post on the tools I’ve been using recently, to serve as a reference for me and hopefully for anyone interested in binary reversing.


assembly


x86


privacy

The DEFINITIVE guide to defeating spammers

  • 6 min read

Nowadays, spamming is a very common technique, and nobody can deny that. Spamming is so cheap that even a 10% opening rate is a tremendous success: sending e-mails doesn’t require paying fees to ISPs (like you would with mass SMSs and robocalls), and it doesn’t require hiring anyone to take the time to manually write and send e-mails (as opposed to postal spam, which has to be physically delivered into mailboxes by people). You can just buy e-mail addresses in bulk from thousands of providers that sell active e-mail addresses at prices so ridiculously affordable that the barrier to entry is lowered dramatically.


Ansible

Automating Proxmox with Ansible

  • 4 min read

Ansible is an automation platform for managing machines. When combined with Proxmox, it becomes a ridiculously powerful tool to orchestrate virtual datacenters.


aws-cfn


rant

When the “better coding style” is the wrong style

  • 3 min read

Code is always read more than it is written or debugged. It is of the utmost importance that code is optimised for readability. And in this regard, it must be written such that the largest number of people possible can read and understand it as quickly as possible.


Telegram


proxy


censorship-evasion


arm


raspberry-pi


alpine-linux
