iptables -F

This command should be removed or come with confirmation message before execution. Today, I wanted to to turn my blacklist into a whitelist. Reason being as I added new services, I don't always remember to add in new rules, as a result, I was exposing quite a number of potentially sensitive ...

Linux box to AP with hostapd/dhcpd/iptables

2 weeks after my last failure, my hands started itching again and I tried to bridge my ethernet connection to a wireless adapter running in AP mode. Some reasons which resulted in my failures in previous occasions 1) Networking on a headless server - When playing with networks, you need to work ...

Stealing code

Much of client side web technology today runs directly from source, E.g. HTML/CSS/JS... , which means source code is readily available to anyone who wants it, a far cry from software where source code is often kept tightly under wraps. As such, it is very simple to just copy out chunks of code ...

Key management

Over time I have gradually accumulated quite a number of keys. I have my PGP keys for my mail encryptions, my SSH keys, multiple VPN certs and keys for various services, my android keystore keys. Currently I just chuck it into a folder, storing everything in plain text, which is fine as long as ...

Spoofing NUS WPA2 and stealing credentials

Warning Content in this post is for educational purposes only, it may be illegal to carry out the exploit mentioned. The author is not responsible for any action taken against you if you carry it out. This exploit is possible because of configuration settings in PEAP where certificate ...

Dual booting

Barely one month after getting rid of my Ubuntu/Win 7 dual boot combination, I installed linux on my laptop once again. This time though, its Kali Linux, because using Backtrack in a VM was creating more trouble than it was worth. I guess having a separate OS only for pen testing is workable. ...