On a recent internal penetration test, I ran into something called HQueue (by SideFX), which seems to be some sort of job queueing solution to process workloads. Logo looks something like this: I took a look around the UI and found no authentication which was interesting, and it apparently had a Windows server hooked up […]
How to Root a Pixel 8
There are a ton of guides online for how to root a Pixel 8, but hopefully this is the most straight forward. Honestly this is the way I found to work. However, you can probably skip PixelFlasher and patch the image directly via Magisk. Good luck. Making rooted status/Magisk a bit more obfuscated: If you […]
How to Pass the PMP 2023 with x3 Above Target in 3 Weeks
Background I am currently employed full-time, married, and have two children under the age of four. In preparation for the PMP exam, I dedicated approximately 3-4 hours per day on most days and less on weekends. I took four days off prior to the exam and studied for 6-8 hours per day. I have worked […]
Gophish Google Workplaces Sending Profile Tutorial
So you want to send emails with gophish thru Google Workspaces gmail? Nice, because this is the tutorial for Gophish Google Workplaces Sending Profile Tutorial. There’s a few settings you have to enable as followed: Tip, if you’re getting a0 “555 5.5.2 Syntax error”, remove the brackets in the “SMTP from” field Trying to setup […]
2022 CSPM Comparison and Pricing
We recently did a comparison of the top CSPM vendors and did a pricing exercise. If you are unfamiliar, CSPM is more of the compliance side of the house and stands for Cloud Security Posture Management, whereas CWPP stands for Cloud Workload Protection Platform and is more for container and VM scanning. This blog post […]
Phishing O365 with MFA using gophish and Evilginx2
This guide is to help with the setup of gophish to track clicks, and Evilginx2 to capture tokens and creds for O365 logins. This will work even if MFA is enabled on the target accounts. Update as of 10/10/24: There is an official integration now here that you should probably follow, however, the Evilginx setup […]
How to automatically replace cookies in BurpSuite
If you have ever done a phishing exercise for a company, the contract probably said you have to test the creds you get. But what if they’re tokens? Are you going to manually replace them every intercept? No way, that’s extremely slow and error prone. Here’s how to automatically replace cookies in BurpSuite. In the […]
Setting up Gophish O365 Sending Profile in 2022
Have always had a tough time getting Gophish to work to send emails via o365. Today I finally succeeded! Here’s how I did it: First I used this guide along with some Microsoft documentation and did the following: Went to admin.exchange.microsoft.com, click on recipients -> mailboxes -> [my user] -> general -> manage settings for […]
Self-Study Resources for AWS Certified Security Specialty Exam
This is a quick blog post about how I self-studied for, and passed the AWS Certified Security – Specialty exam in less than three months. Hopefully these resources will lead you to pass as well! As for background, I’ve been working in AWS for about 4-5 years now in a security setting, mostly working with […]
What I Learned from the BsidesNOVA OSINT Workshop + mini CTF Write-up
Had a few hours this morning luckily to attend the Open Source Intelligence (OSINT) workshop presented by Brian Markham, the current Chief Information Security Officer (CISO) at EAB Global. Definitely learned a thing or two I’d love to share and also a quick write-up of the mini-Capture the Flag event (mini-CTF) we had at the […]