Posts

Showing posts from May, 2026

Hacked? How to respond!

Let's talk hacking first. Hacking comes in many shapes, colors and sizes these days. It could be a single system taken over by malware, or a cloud account with access to 20 systems, development keys and the ability to reset other users' credentials. There is a wide range of ways to gain access to information in today's infrastructure landscape. Two of the more common types are system compromise and account compromise. Either can lead to the other given the right scenario, and sometimes neither is needed to compromise information, such as a website with an exploitable flaw that leaks data it shouldn't. Evidence of these comes in various flavors as well, such as an antivirus detection that alerts but does not quarantine, or a network detection tool flagging a suspicious pattern of callback-like (beaconing) activity. In both of these example cases you'd want to investigate further. In this post, we'll walk through doing this under the system compromise persp...

GCFE - Training Techniques

GCFE. I often see people who took or are taking certifications list how they went through the materials, so let's do one of those posts. Here's the latest thing I'm working on passing. I already work in DFIR (Digital Forensics & Incident Response) and hold other GIAC certifications (GREM), but I found that many people don't consider that suitable evidence of forensic capability and have started demanding certifications such as GCFE and GCFA. As Google puts it, 'GCFE is often seen as intermediate, while GCFA is considered advanced or the "gold standard"'. That said, reviewing older versions of the SANS 500 coursework, I think there are some nuances that trip me up, and I definitely got caught up on them while taking the practice tests. So basically, when you sign up for the course and test together (around $10k USD; it's insanely expensive, and companies expect you to already have this instead of being willing to fund someone getting it) you get the ab...

How a rPi can be used during your Pentest!

Defense Penetration Testing (Pentests). Many pentesting firms have done this for a while now, so there's nothing new here, but I'd like to show you why and how pentests can be performed by shipping a Raspberry Pi (a small single-board computer) and letting your staff power it on, or setting it up to be left there. But before we do that, let's discuss why this would ever be a thing. A number of problems arise that merit this as a de facto/standard operating mechanism, and it only makes sense to offer the same. Problem 1: "Scheduling / we can't perform testing during work hours". Often employers won't have a way to get people to unlock the doors for you after hours and stay with you to perform testing, including wifi, physical or internal pentesting techniques. This is the most common reason to say "okay, well, we can set up a laptop and leave it there". This would work great for many reasons, because then they have all...

Spooky Wifi

When casually doing what I like to do and scanning the open air for fun and profit, I found something rather peculiar. In today's world an unencrypted wireless network is pretty rare: it exposes users to spoofing, MITM and other attacks, and leaves the operator with little to stand on if it ever ends up in court. Many businesses offering wifi to their customers stopped doing so because they couldn't maintain appropriate logging to prove when someone did something they shouldn't, or which user it was. Captive portals weren't very effective, and that was before IAM services like Keycloak were popular. So to see one in 2026 seemed a little bit wild. When anything is "open", the data is shared unencrypted over the air. It can be sniffed and read by anyone passing by, and in the right, or I guess wrong, scenarios traffic can actually be intercepted or spoofed without ever associating to the wifi network. This was the premise that created WEP, then W...
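As an added example (not part of the original post and not the author's code): the check a scanner makes to tell an "open" network from an encrypted one is to read the beacon frame's capability field (the Privacy bit) and look for an RSN or WPA information element. The beacon bodies below are constructed by hand so the block runs offline; in practice you would feed frame bodies from a monitor-mode capture or a pcap into classify_beacon(). Function and constant names are my own.

```python
import struct

# Constructed example: the beacon-frame bodies below are hand-built, not captured
# from a real network. In practice you would read frames from a monitor-mode
# interface or a pcap and pass each beacon body to classify_beacon().

CAP_PRIVACY = 0x0010          # 802.11 capability-info bit 4: "Privacy" (encryption required)
CAP_ESS = 0x0001              # bit 0: infrastructure BSS
IE_SSID = 0
IE_RSN = 48                   # RSN information element => WPA2/WPA3
IE_VENDOR = 221
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # Microsoft OUI + type 1 => WPA (v1) element


def parse_ies(data):
    """Split the information-element area into (id, body) pairs.

    Stops cleanly on a truncated trailing element instead of raising, since
    frames captured over the air are frequently clipped.
    """
    ies, i = [], 0
    while i + 2 <= len(data):
        eid, length = data[i], data[i + 1]
        body = data[i + 2:i + 2 + length]
        if len(body) < length:
            break
        ies.append((eid, body))
        i += 2 + length
    return ies


def classify_beacon(body):
    """Return (ssid, security) for a beacon frame body.

    body layout: timestamp (8) | beacon interval (2) | capability (2) | IEs...
    """
    if len(body) < 12:
        raise ValueError("beacon body too short")
    _timestamp, _interval, cap = struct.unpack_from("<QHH", body, 0)
    ies = parse_ies(body[12:])
    ssid = next((b.decode("utf-8", "replace") for eid, b in ies if eid == IE_SSID), "")
    has_rsn = any(eid == IE_RSN for eid, _ in ies)
    has_wpa = any(eid == IE_VENDOR and b.startswith(WPA_OUI_TYPE) for eid, b in ies)
    if has_rsn or has_wpa:
        security = "WPA/WPA2"
    elif cap & CAP_PRIVACY:
        security = "WEP"          # Privacy bit set but no RSN/WPA element
    else:
        security = "OPEN"         # no encryption: every frame is readable over the air
    return ssid, security


def build_beacon(ssid, privacy=False, rsn=False, wpa=False):
    """Hand-build a beacon body for testing; cipher/AKM suites are CCMP/PSK."""
    cap = CAP_ESS | (CAP_PRIVACY if privacy else 0)
    body = struct.pack("<QHH", 0, 100, cap)
    body += bytes([IE_SSID, len(ssid)]) + ssid.encode()
    if rsn:
        # version 1 | group CCMP | 1 pairwise CCMP | 1 AKM PSK | RSN capabilities
        rsn_body = (b"\x01\x00" + b"\x00\x0f\xac\x04" + b"\x01\x00" + b"\x00\x0f\xac\x04"
                    + b"\x01\x00" + b"\x00\x0f\xac\x02" + b"\x00\x00")
        body += bytes([IE_RSN, len(rsn_body)]) + rsn_body
    if wpa:
        wpa_body = (WPA_OUI_TYPE + b"\x01\x00" + b"\x00\x50\xf2\x04" + b"\x01\x00"
                    + b"\x00\x50\xf2\x04" + b"\x01\x00" + b"\x00\x50\xf2\x02")
        body += bytes([IE_VENDOR, len(wpa_body)]) + wpa_body
    return body


# Constructed sample "airspace": one open network, one WEP, one WPA2, one WPA1.
SAMPLE_BEACONS = [
    build_beacon("CoffeeShop-Free"),
    build_beacon("LegacyPOS", privacy=True),
    build_beacon("CorpWifi", privacy=True, rsn=True),
    build_beacon("OldRouter", privacy=True, wpa=True),
]


def open_networks(beacons):
    """SSIDs whose beacons advertise no encryption at all."""
    return [ssid for ssid, sec in map(classify_beacon, beacons) if sec == "OPEN"]


if __name__ == "__main__":
    for ssid, sec in map(classify_beacon, SAMPLE_BEACONS):
        print(f"{ssid:20s} {sec}")
    print("open:", open_networks(SAMPLE_BEACONS))
```

The Privacy bit alone only says "encryption required"; it is the RSN/WPA element that distinguishes WEP from WPA-family networks, which is why the classifier checks the elements first and falls back to the bit. A beacon with no Privacy bit and no RSN/WPA element is the open network the post is talking about.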