Pwnagotchi Waveshare V3

So you want to build yourself one of those Pwnagotchi that everyone is talking about since the Flipper Zero came out and no one can get one, eh? And you’ve followed the official installation instructions (which this post supplements, but does not replace) but have noticed that either (1) you can’t really find a Waveshare eInk 2.13″ display that’s not version 3, or (2) you can’t quite seem to get into your Pwnagotchi if it’s even running and ERMAGERD WTF why is this so obtuse? Well, this is the guide for you. 🙂

Continue reading →

June 21, 2022 0

Custom Proxmox VE LXC Images

Using Linux Containers can significantly improve deployment times to make customized instances of a system. For instance, you may want to create 10 unique instances of a system for training purposes, but don’t want to run custom code on each when it starts to generate key material, assign users, etc. Using Linux Containers can make that simple, but unfortunately it’s not always so simple to create that custom image for deployment. This post is going to cover the start to finish customization of an image (in this case, using Kali Linux) from the base image to one that can deploy in a non-privileged virtualization platform (in this case, Proxmox VE). Let’s get started!

Continue reading →

March 9, 2022 0

Hermit’s Hardware Hacking Box

Have you ever wanted to get into hardware hacking as well as offensive security, but didn’t know how to get started? Good news! For a recent meeting of the Pittsburgh Hacker’s Association I put together a presentation on how to setup the standard box I use for almost everything. It’s a dual-boot system with both Ubuntu and Kali, a shared data partition, and all the tools you could ever need pre-configured and installed. If you want to get started, just grab the PDF and get going!

Good hunting! 🙂

February 13, 2022 1

Starting the 2020 eChallenge Coin Redux

There’s a designer named Bradán Lane who makes some excellent hardware, and one of my favorite things he’s created is a set of challenge coin circuits. I won’t go into too much detail on them other than to note they have a fun story line, a series of challenges, and you have to exercise some basic hardware hacking skills to participate. If you’d like more details, please check out the listing for the coin on Tindie. But what if you don’t know how to get started? Well, a friend of mine (Visual) and I recently played through this, and thought we’d document how to get started for anyone who needs a little extra help. Let’s get started!

Continue reading →

December 28, 2021 0

Bitcoin Node + Lightning Network + Tor

Okay, so this is the post that kickstarted me to return to StackAttack… because I’ll probably forget all of this in a week, and I want a reference. In short, the goal is:

Setup a full Bitcoin core node
Setup the Lightning Network Daemon
Make it all work over Tor

Let’s dive in, shall we? 🙂

Continue reading →

May 13, 2021 0

QuickHit: Things to Attack

Need a quick list of things to attack? Try these. 🙂

Buggy Web App: http://www.itsecgames.com/
Damn Vulnerable iOS App: http://damnvulnerableiosapp.com/
Damn Vulnerable Web Application: http://www.dvwa.co.uk/
Damn Vulnerable Web Services: http://dvws.professionallyevil.com/
Google Gruyere Web App: http://google-gruyere.appspot.com/
Hack This!: https://www.hackthis.co.uk/
Hack This Site: https://www.hackthissite.org/

Continue reading “QuickHit: Things to Attack” →

May 22, 2020 0

Intro to BurpSuite

I recently had cause to make some training on how to get and perform some basic operations using BurpSuite, so I thought I’d share here. As always, feel free to use as you’d like. 🙂

BurpSuite – Introduction

May 19, 2020 0

DerbyCon 9 – DomainTools CTF – Reversing

Part three of the DerbyCon DomainTools CTF write-ups. You can find coverage of all the Crypto challenges here and coverage of all the Forensics challenges here. This finishes up the solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. Let’s get started!

Continue reading “DerbyCon 9 – DomainTools CTF – Reversing” →

September 23, 2019 0

DerbyCon 9 – DomainTools CTF – Forensics

Part two of the DerbyCon DomainTools CTF write-ups. You can find yesterday’s coverage of all the Crypto challenges here. I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. Today: the forensics challenges!

Continue reading “DerbyCon 9 – DomainTools CTF – Forensics” →

September 17, 2019 1

DerbyCon 9 – DomainTools CTF – Crypto

Continuing with write-ups for events from DerbyCon is the DomainTools CTF. I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. First up: the crypto challenges!

Continue reading “DerbyCon 9 – DomainTools CTF – Crypto” →

September 16, 2019 2