Closing out Lightning to Bitcoin

Maybe you’ve decided that you want to close down your old computer that was running a Lightning network node, but you haven’t decided to stop using Bitcoin. Maybe you just need to pay for an unexpected expense. Maybe anything. The question becomes: How do you take the BTC you currently have linked into a Lightning wallet and shoot it back off to a Bitcoin main wallet? I didn’t find that readily available anywhere and clearly listed, so here you go. 🙂

Continue reading →

December 11, 2021 0

QuickHit: Things to Attack

Need a quick list of things to attack? Try these. 🙂

Buggy Web App: http://www.itsecgames.com/
Damn Vulnerable iOS App: http://damnvulnerableiosapp.com/
Damn Vulnerable Web Application: http://www.dvwa.co.uk/
Damn Vulnerable Web Services: http://dvws.professionallyevil.com/
Google Gruyere Web App: http://google-gruyere.appspot.com/
Hack This!: https://www.hackthis.co.uk/
Hack This Site: https://www.hackthissite.org/

Continue reading “QuickHit: Things to Attack” →

May 22, 2020 0

Fire Talks Online: Intro to Woodworking

Header showing classic woodworking tools

Just a quick catch-up post on the presentation I gave tonight for Fire Talks Online… if you want it, you can download the raw PPTX here: Intro to Woodworking.

As always… good hunting!

April 1, 2020 0

Fixing Firmware File Systems

Here’s the scenario: you’ve downloaded the firmware for a device that you want to explore in more depth, and extracted out the updates. You dig through them and see that they’re EXT4 systems, and say “jackpot!” while rubbing your hands together in glee. “A quick mount and I can browse to my heart’s content” you say to yourself… and then you see “wrong fs type, bad option, bad superblock on {DEVICE}, missing codepage or helper program, or other error.” Let’s get past that. 🙂

Continue reading “Fixing Firmware File Systems” →

June 5, 2019 0

Quick Hit: Base64 PowerShell Exfiltration

Okay, so you’ve landed in a constrained language PowerShell on a remote box, and the local application security policy is stopping you from using all the regular stuff (e.g. netcat, opening network connections, etc)… but you need to exfil a medium amount of binary data. How would you do that?

The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂

Continue reading “Quick Hit: Base64 PowerShell Exfiltration” →

March 14, 2019 0

Quick-Hit: Am I Inside A Docker Container?

If you don’t know, here’s an easy way to find out…

cat /proc/self/cgroup

If you see “/docker/{hash}” following one of the outputs then yes, yes you are. A non-Docker system looks like the following:

Continue reading “Quick-Hit: Am I Inside A Docker Container?” →

February 12, 2019 0

Quick-Hit: Editing Submissions in BurpSuite

Let’s say you’re running some tests on a service and want to use some characters that aren’t standard in your systems’ character set. How do you do that?

Continue reading “Quick-Hit: Editing Submissions in BurpSuite” →

February 8, 2019 0

Quick Hits: Screen

Ever been frustrated by a session that was running remotely when your SSH/nc/1337shell.phpaspxcf dropped, and all that work was wiped out in the blink of an eye because when that died your shell did too, and the OS was nice enough to clean it all up?

Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.
Continue reading “Quick Hits: Screen” →

January 28, 2019 0

Windows and Linux Base64 Encode/Decode Commands

Tweeted this immediately after I found this a while back. Here is a quick reference to the commands to Base64 encode/decode a file on Linux and on Windows. And people say Windows is soooooo much easier……

Continue reading “Windows and Linux Base64 Encode/Decode Commands” →

January 14, 2019 0