zacheller@home:~/blog$

  • Configuring Gmail with a Google Domain using Google DNS

    Enable email forwarding in the Email section of your Domain settings Go to: https://domains.google.com/registrar/<your_domain>/email Click Add email alias Set Alias email to * if you want all emails sent to any address at your domain forwarded to the same email, otherwise specify the specific alias Set Existing recipient email to...

  • ACM x b34rshell Cybersecurity Panel at WashU

    On October 12th 2022, I spoke on a cybersecurity panel at Washington University in St. Louis (WUSTL) with Ryan Xu, another founding member of the university CTF team, b34r5hell. It was awesome to have the opportunity to speak to current WashU students about getting into the cybersecurity industry. Thanks to...

  • Bay Area OWASP Meetup - Cequence Security Talk on API Security

    Event: October Meet Existing Approaches Fall Short Shadow APIs - unknown Drivers of API as an attack vector insufficient visibility insufficient inventory tracking (OWASP API9) poor quality assurance no formal publication process internal APIs publicly exposed Abuse Examples sneaker bots third party payment APIs credit/gift card checking content scraping APIs...

  • Awake/Arista 2022 Network PCAP CTF Challenge

    After filling out the Google Form to register and receiving the PCAP, I opened it in Wireshark and searched for “instructions”. I found the string in TCP stream starting from packet 686. I exported the page WELCOME.html with File→Export for a better reading experience. The important notes from that file...

  • Devlympics 2021 - The Ultimate Warrior Arena - Cloud 5th Place

    On the inaugural Devlympics, I competed in the Ultimate Warrior Arena and got 5th place in the Cloud competition. My experience in securing Docker containers came in handy! If you want to make your setup much safer, please run docker as a non-root user!

  • TryHackMe - Relevant

    Room: Relevant Note: I mapped the target IP to relevant.thm in my /etc/hosts file. Enumeration root@ip-10-10-196-226:~# sudo nmap -p- -T4 relevant.thm Starting Nmap 7.60 ( https://nmap.org ) at 2021-03-03 21:31 GMT Verbosity Increased to 1. SYN Stealth Scan Timing: About 79.71% done; ETC: 21:56 (0:05:03 remaining) Verbosity Increased to 2....

  • A5/1 Stream Cipher Implementation

    What is A5/1? A5/1 is a stream cipher used to provide over-the-air communication privacy in the GSM cellular telephone standard. It is one of seven algorithms which were specified for GSM use. It was initially kept secret, but became public knowledge through leaks and reverse engineering. A number of serious...

  • TryHackMe - Steel Mountain

    Room: Steel Mountain Enumeration root@ip-10-10-71-9:~# nmap 10.10.139.244 -sC -sV -Pn Starting Nmap 7.60 ( https://nmap.org ) at 2021-01-31 21:08 GMT Nmap scan report for ip-10-10-139-244.eu-west-1.compute.internal (10.10.139.244) Host is up (0.00050s latency). Not shown: 988 closed ports PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 8.5 | http-methods: |_...

  • TryHackMe - Overpass 3

    Room: Overpass 3 - Hosting Checking out the home page, I found some usernames. Paradox - Our lead web designer, Paradox can help you create your dream website from the ground up Elf - Overpass' newest intern, Elf. Elf helps maintain the webservers day to day to keep your site...

  • TryHackMe - Wonderland

    Room: Wonderland Enumeration and Initial Access An nmap scan reveals SSH and HTTP services on their standard ports. The home page of the website says to follow the white rabbit and includes a JPG of a white rabbit. I downloaded the image and ran it through steghide extract -sf white_rabbit_1.jpg...