Skip to content
  • LinkedIn
  • GitHub
  • Twitter
  • Home
  • About
  • Code
    • GitHub Gists
    • Pastebin
  • Accomplishments
    • Certifications
    • PentesterLab
  • Contact
    • Contact Form
    • Keybase

BLTSEC

TRY HARDER: A Blog About Discovery

Written by bltsecSeptember 19, 2018September 19, 2018

[OPSEC] IOS SHORTCUTS: SENDING OUT AN SOS

🚨 [Safety Tip] 🚨 Have you ever wondered what to do if you find yourself in a situation where you need to let your loved ones and possibly emergency responders know where you are and what’s happening around you? On a completely different note maybe you don’t trust your baby daddy or your children and […]

Written by bltsecJanuary 8, 2018January 11, 2018

[Enterprise Security] Meltdown and Spectre

It’s really not the end of the world…well depending on who you ask but that’s probably for other reasons than CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 (Meltdown and Spectre).

Written by bltsecDecember 23, 2017December 23, 2017

[Penetration Testing] Linux Local Privilege Escalation: /dev/random K2

This article will detail the steps I took in order to successfully gain access to higher privileged accounts via some basic Linux privilege escalation techniques and by exploiting CVE-2004-1051 for gaining root privileges.

Written by bltsecDecember 5, 2017December 7, 2017

[Programming] – Spring Boot: Encrypting Externalized Properties

Details how to integrate jasypt (http://www.jasypt.org/) into a Spring Boot project to provide encryption for externalized properties.

Written by bltsecSeptember 28, 2017September 28, 2017

[Enterprise Security] Automating the Destruction of Bind Shells

Demonstration of macOS’s Automator app receiving a voice command that executes a script that scans for open listening ports on a machine and then terminates those processes that haven’t been whitelisted.

Written by bltsecSeptember 20, 2017September 20, 2017

[Enterprise Security] Black Honey

Discusses creating a service that will generate files to help monitor user activity and alert enterprise security teams of data breaches.

Written by bltsecSeptember 16, 2017September 20, 2017

[Enterprise Security] SIEM IPS PFSENSE

High-level overview of how a SIEM could be integrated into an enterprise environment by adopting and scaling the architecture model used in this NSM lab.

Written by bltsecSeptember 14, 2017September 18, 2017

[Security Awareness Training] “Free” WiFi

Security Awareness Training (SAT) – “Free” WiFi: Identifying Credential Harvesting Captive Portals and How to Protect Yourself Against Them

Written by bltsecAugust 30, 2017September 23, 2017

[Penetration Testing] WebDAV IIS 6.0 / TCP/IP IOCTL Privesc

Exploits: CVE-2017-7269, CVE-2014-4076
Techniques: HTTP / WebDAV method enumeration, Privilege Escalation […]

Written by bltsecAugust 28, 2017September 23, 2017

[Penetration Testing] Drupal RCE / Win32k.sys Kernel Exploit

Exploits: Drupal 7.54 Services Module RCE, CVE-2014-4113 Kernel Exploit
Techniques: Empire / Metasploit session passing, Fuzzing, Privilege Escalation […]

Create a website or blog at WordPress.com