Flow. Part 2

More lessons learnt from reading the book about flow. It's an excellent book, and I really wish I had read this book earlier in my life. It's definitely now a must-read I would recommend to anyone. Pleasure and Enjoyment Pleasure is meeting the demands of our natural desires and needs. When we fulfil a bodily […]

inotify on Shared Servers

We all have faced an issue at one point in our engineering adventures that we need to create a form of watchdog. We have to watch for a certain activity on a certain file or folder, before we perform a set of actions. Thankfully in Linux, there is a function called inotify, which allows you to […]

AS and BGP

Autonomous Systems The Internet (with a capital I) is a huge mesh of networks of networks. Within the networks are more sub-networks, or IP addresses belonging to the network. An AS, or Autonomous System, is a collection of IP addresses that are logically grouped together to form a network. When one machine in one […]

DNS: Hunting Perspective

In a separate post, we talked about the possible different attack vectors of DNS. That post is not entirely complete, and there are many more creative ways to use DNS as an attack vector. In this post however, we’re going to be looking at the more technical aspects of DNS, such as the protocols, byte […]

Flow

I’m half-way through the book Flow by Mihaly Csikszentmihalyi, and some of the concepts I read were mindset shifting. So even if I’ve yet to finish reading the book, I thought I would write a little about it to really solidify the concept. Psychic Entropy Psychic entropy is the state where the mind is perturbed […]

HTB: Starting Point

Going to start some hackthebox to learn more stuff. While I have skills in the detection area, working with Netflow and DNS, I don’t have a strong offensive mindset. Perhaps that will be beneficial, thinking in terms of offense to develop a better defense. Set the ports to scan: ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | […]

Server Side Request Forgery

Server Side Request Forgery, or SSRF, is an attack where the attacker is able to make a request to an internal resource by pivoting through the server. By leveraging the server to make a request to the internal resource, the request is seen as legitimate, because internal systems usually trust each other. SSRF through […]

XSS – Revisited

I’ve been doing these lessons by Pentesterlabs, and I’ve learnt a few new things there, which is always great! To be honest, I’ve never had any proper training or course in terms of offensive cyber security, especially the web. My experiences have mostly been centered around the Linux kernel, which is pretty niche and narrow. In […]

Strengths Finder; And mine

First off, before I begin, I just want to say that I picked this book up for a steal of $5, where the original cost was somewhere around $30. I think I might visit book fairs more often, but the downside is that they don’t usually carry very good quality books, both in terms of […]

DNSSEC

In the previous post, we talked about some of the attack vectors on the DNS. In this post, we’re going to be talking about DNSSEC, which is an attempt to make the DNS more secure. A point to note, DNSSEC does not provide Confidentiality, but only Integrity. Integrity in this case is ensuring that the […]