https://daddycocoaman.dev/ Recent content on daddycocoaman https://daddycocoaman.dev/avatar.jpg https://daddycocoaman.dev/avatar.jpg Hugo -- gohugo.io en-us Fri, 24 Jun 2022 00:00:00 +0000 https://daddycocoaman.dev/posts/introducing-dumpscan/ Fri, 24 Jun 2022 00:00:00 +0000 https://daddycocoaman.dev/posts/introducing-dumpscan/ A convenient tool for extracting secrets from memory dumps https://daddycocoaman.dev/posts/dumping-rsa-certificates-with-volatility-part-2/ Thu, 23 Jun 2022 23:30:03 +0000 https://daddycocoaman.dev/posts/dumping-rsa-certificates-with-volatility-part-2/ Writing a Volatility plugin to extract private keys https://daddycocoaman.dev/posts/dumping-rsa-certificates-with-volatility/ Mon, 02 May 2022 00:00:00 +0000 https://daddycocoaman.dev/posts/dumping-rsa-certificates-with-volatility/ Writing a Volatility plugin to extract RSA certificates https://daddycocoaman.dev/posts/picoctf/2022/picoctf-2022-reverse-engineering/ Mon, 04 Apr 2022 00:00:00 +0000 https://daddycocoaman.dev/posts/picoctf/2022/picoctf-2022-reverse-engineering/ Walkthrough of picoCTF 2022 reverse engineering challenges https://daddycocoaman.dev/posts/picoctf/mini2022/beginner-picomini-2022/ Mon, 04 Apr 2022 00:00:00 +0000 https://daddycocoaman.dev/posts/picoctf/mini2022/beginner-picomini-2022/ Walkthrough of picoMini 2022 CTF challenges https://daddycocoaman.dev/posts/bypassing-python38-audit-hooks-part-1/ Thu, 11 Jul 2019 00:00:00 +0000 https://daddycocoaman.dev/posts/bypassing-python38-audit-hooks-part-1/ First of all, if you think you’re being cool and edgy by still using Python2.7, I’m gonna need you to unthink that ASAP. Python2.7 is reaching end-of-life very soon and we should all be moving on up…to the 3 side…and finally get async with that Py. That joke might go over a lot of heads. Anyway, this post is likely to be the first in a multi-part series of talking about a new feature that is coming in Python 3. https://daddycocoaman.dev/posts/beacongraph-v0.69-released/ Wed, 15 May 2019 22:43:42 +0000 https://daddycocoaman.dev/posts/beacongraph-v0.69-released/ Why from v0.2 to v0.69? Cause I’m immature AF and it probably made you want to read this blog post. Back in October 2018, I released a tool called BeaconGraph after attending the SANS SEC617: Wireless Penetration Testing and Ethical Hacking course taught by James Vidal. I released a PoC of BeaconGraph after I realized that airgraph-ng could use a more modern look. However, that version of BeaconGraph was not very user-friendly, as it was more of a Proof-of-Concept than a usuable tool. https://daddycocoaman.dev/posts/bug-bounty-adventures-this-is-the-wrong-porn/ Tue, 07 May 2019 03:04:22 +0000 https://daddycocoaman.dev/posts/bug-bounty-adventures-this-is-the-wrong-porn/ I haven’t had much luck with bug bounties. At the time of writing, all of my submissions except one have been duplicates, which can be really demotivating. But instead of giving up, I decided to shift my focus over to learning how to analyze mobile applications, particularly Android APKs. Since then, I’ve glanced through a number of APKs while looking for low hanging fruit. With only a minor understanding of the mobile world, I looked through previously disclosed bounties in order to see what kind of things I should be looking for. https://daddycocoaman.dev/posts/blackplanet-why-proper-ssl-implementation-matters/ Wed, 06 Mar 2019 00:00:00 +0000 https://daddycocoaman.dev/posts/blackplanet-why-proper-ssl-implementation-matters/ UPDATE: A few hours after writing this post, BlackPlanet correctly implemented HTTPS redirects on their site! While it likely had nothing to do with this blog, it’s great to see they are taking a more serious approach to security. There’s no doubt that there’s been an increase of demand on companies and websites to ensure that user data is protected from end-to-end. This includes both transmission and storage of data, particularly sensitive information such as passwords. https://daddycocoaman.dev/posts/pentesting-with-ironpython/ Sun, 16 Dec 2018 00:00:00 +0000 https://daddycocoaman.dev/posts/pentesting-with-ironpython/ After digging into IronPython more with the intent to create more modules for SILENTTRINITY, I decided I would release some of the other tools I’ve been working on. As Python is more my speed than C# and PowerShell currently are, I decided I would get more practice learning my way around the .NET Framework by converting C#/PowerShell scripts into IronPython to determine the limits of the language, if any. The best part is that since these tools primarily use the . https://daddycocoaman.dev/posts/silenttrinity-and-the-python-of-iron/ Fri, 26 Oct 2018 00:00:00 +0000 https://daddycocoaman.dev/posts/silenttrinity-and-the-python-of-iron/ A few weeks ago right after DerbyCon (which I wasn’t able to attend), I heard about a new post-exploitation tool called SILENTTRINITY by byt3bl33d3r, a tool developer with a l33t name with some pretty l33t tools (…I’ll stop now) such as CrackMapExec and DeathStar. This project is unique in that it utilizes Python, IronPython, and C#/.NET in order to perform post-exploitation activities similar to other frameworks such as Empire. The benefits of using a C#/. https://daddycocoaman.dev/posts/beacongraph-v0.2-released/ Mon, 22 Oct 2018 00:00:00 +0000 https://daddycocoaman.dev/posts/beacongraph-v0.2-released/ Last week, I released a tool called BeaconGraph aimed at supporting wireless auditing. As of this post, v0.2 has been released with some pretty big improvements over the initial release and can be found by clicking the logo below. I’ll start by saying that I’m not a wireless engineer or auditor by any means. I’ve never even been a network engineer or a network administrator for anything more than 10 clients/servers. https://daddycocoaman.dev/posts/black-men-in-infosec/ Tue, 05 Dec 2017 00:00:00 +0000 https://daddycocoaman.dev/posts/black-men-in-infosec/ The title is a bit vague, I know. I grew up in Brooklyn, NY and I’m about to turn 28 years old, and I can say for sure that 10 years ago, I did not see myself achieving as much as I have so far. Recently, Google granted a non-profit organization $1M to expose young black men to technical careers. This, of course, drew the “All Kids Matter” crowd to many conversations on social media. https://daddycocoaman.dev/posts/first-time-red-team-experience/ Fri, 17 Nov 2017 00:00:00 +0000 https://daddycocoaman.dev/posts/first-time-red-team-experience/ I was invited to be a part of a red team as part of a practice for a cyber defense event. I didn’t really know what to expect but I couldn’t miss the opportunity to learn, so I accepted. We had two days to learn our infrastructure and two days to actively engagement. In a team of four, this was the first time red teaming for two of us. A lot of learning occurred between the four of us and ultimately for the blue team.