General Blog

Here, you’ll find a mix of content beneficial to Sysadmins, my personal thoughts, and/or general Infotech topics.


Recent Posts

Symmetric Encryption vs Asymmetric Encryption

Symmetric Encryption A single, shared key is used to both encrypt and decrypt the data. You’ll want to handle this key with caution and only share it to those that need access to that data. Pros: Works great if we only need to secure data for a single machine or a single user. Very fast […]

Let’s Talk Basics About Cross Site Request Forgery (CSRF)

It became apparent to me that my understanding of CSRF was lacking, or uh, basically non-existent. This post aims to fix that! Come learn about it along with me. Note: This particular post is NOT a hacking tutorial on abusing CSRF, though I’m sure I will post one in the near future (make sure to […]

Have a WebApp? Here Are Three HTTP Headers Leaking Your Server Information

This post intends to discuss the three most common HTTP headers that leak server information. While these headers don’t do anything to help protect against attacks, they can be used by attackers to enumerate the underlying technologies behind the application during the early enumeration phase of an attack. If you’d like to learn more about […]

What are Web Application HTTP Security Headers? When do you use them?

This post intends to serve as a guide for some of the most common HTTP Headers web applications use to prevent exploitation of potential vulnerabilities. Within this article, you will discover the name of the various headers, along with their use case and various configuration options. If you’d like to learn more about which headers […]

My Top 3 OSCP Resources (Ippsec, TheCyberMentor, & 0xdf)

I have seen many people ask the community for help regarding good resources and figured I should create this post to share my two cents on the topic. I started this journey about 6-8 months ago and have soaked in a ton of content during that time.  TheCyberMentor Use this when first starting out! He […]

Patching CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

As I’m sure you’ve heard, there were a handful of critical vulnerabilities announced in this week’s Patch Tuesday. Included in the list of vulnerabilities is a flaw within CryptoAPI that would allow an attacker to digitally sign malicious software updates as the legitimate creator of the software. While Microsoft lists this vulnerability with a severity […]

Top Ways Penetration Testers Get Domain Admin

Very brief post, but will be expanded on with additional details as time allows. Breached Credentials Credential Stuffing & Password Spraying LLMNR & NBT Poisioning Relay Attacks Null Sessions on Domain Controller(s) Token Impersonation on Low Priv Boxes MiTM6 to Exploit IPv6 Kerberoasting MS17-010 and Poor Patch Management SYSVOL Credentials and GPP Lack of Segmentation […]

How To Activate Windows 7 Extended Security Updates (ESU)

This post intends to serve as a guide on activating a purchase ESU license key on a Windows 7 box. I’m making the assumption that you have already gone through the procedure to purchase the Windows 7 ESU key and have access to it. READ MORE…



Stay Involved

Get new content delivered directly to your inbox.