Analysing an Invasive App Used by ISPs

I've been having packet loss issues recently and my ISP asked me to run an app as a part of their troubleshooting process. Immediately alarm bells start ringing as the app proceeds to do 'things', sends them information, and then doesn't tell you what it sent them. Running the 'Network…

A Tour of My Homelab

Homelab [hom-læb](n): a laboratory of (usually slightly outdated) awesome in the domicile. - r/homelab Homelabbing is how I learn things I don't otherwise get to learn at work. In this post I share some of the hardware I settled on to build my lab. It all started with…

Exporting Nessus Results into a Database

Nessus Pro is a great vulnerability scanner but analysing results quickly becomes unwieldy once you have more than a couple of scheduled scans or a large scan space. So I wrote a tool to export Nessus results using the API into a relational database. https://github.com/eddiez9/nessus-database-export EER…

Spotify on My Xiaomi Vacuum Cleaner

This is one of those projects where I never stopped to ask why. But just in case you also want a vacuum cleaner that can double as a Spotify Connect speaker, I can help point you in the right direction. First, the end result: This requires very little technical ability…

Transferring Files into a Restrictive Vdi Environment

In a recent penetration test I came across a novel technique to transfer files into restrictive VDI environments where all conventional ways of transferring files had been disabled. It's not rocket science but I thought it was interesting enough to warrant a brief write-up. TLDR; Base64 encode the file -&…

Finding Clean Windows ISOs

Throughout Offensive Security's CTP course you may find yourself wanting to build your own home lab with old Windows VMs. I found it difficult to locate Windows ISOs that were both untouched and of the exact version I wanted. This is a method I found to be effective. Identify the…