CategoryCompSec
-
5-Min Tutorial: Gaining Root via UART
Connecting to a TP-Link WR841N router over UART with the Attify Badge — identifying GND/VCC/TX/RX, scanning for the baud rate with devttys0's baudrate.py, and dropping into a root shell, plus notes on TP-Link weakening hardware security between versions.
Read the post -
5-Min Tutorial: Lifting Firmware with the Bus Pirate
Opening a TP-Link WR841N router, wiring its W25Q32.V EEPROM to a Bus Pirate over SPI, dumping the firmware with flashrom, and extracting the embedded Linux filesystem with binwalk.
Read the post -
Internet Memories #2: Break The Rules
2007 Caracas, a Linux Magazine, and aircrack-ng — the night a kid broke WEP and got "Free. Internet. Everywhere!" Told inside a terminal: run each command to unlock the next beat of the story.
Read the post -
Eagle Eye: Wi-Fi Monitoring
EagleEye, a wireless network monitoring tool built for non-technical users: a 815-person survey on why people need it, then the architecture — libtins/dot11decrypt decrypting live monitor-mode packets, Scapy filtering them, and a Flask server feeding simple graphs to the browser. With git repo, paper, and PDF.
Read the post -
Demystifying Cryptography
A Crypto 101 tour for the curious: what cryptography is, its goals, the anatomy of a secure connection, and the intuition behind Diffie-Hellman key exchange (with a live interactive demo of two parties agreeing on a shared key over an open wire) and the Caesar cipher.
Read the post -
Break Free! - Bypassing Captive Portals
Bypassing hotel/airport/cafe captive portals by tunneling traffic over DNS with Iodine — the escape strategy, server + domain setup, and the iodine/proxychains client side.
Read the post -
Duckhunting - Stopping Automated Keystroke Injection Attacks
How RubberDucky / BadUSB automated keystroke-injection attacks work, and DuckHunt — a small defense that distinguishes a real user from an injected burst by typing speed, with four protection policies (Normal, Paranoid, Sneaky, Logging Only). Includes a playable NES-style Duck Hunt mini-game of the detection problem.
Read the post -
Capture The Keys - Chapter 2: Pylogger
My Python reimplementation of the earlier C++ keylogger, walking through building an efficient Windows keylogger with PyHook — keystroke capture, window-aware logging, log rotation, and typed-keyword triggers (status, dump, pause, kill) — as an educational security exercise.
Read the post -
11 oddly specific (yet useful) security tips
Eleven weird-but-genuinely-useful security tips for the curious non-expert, from killing WPS to keylogging your own machine — now with a 2026 retraction on the RFID-credit-card advice.
Read the post -
Magstripe tinkering
My hobbyist dive into magnetic stripe card technology: how magstripes encode data, and how I hacked a Square reader by bypassing its encryption chip to read raw card data, with some reflections on real-world magstripe security.
Read the post -
Capture the Keys - Chapter 1: Clogger
A post-mortem of my first keylogger — a ~280-line C++ prototype I built for Windows back in college to monitor my own machine — covering its key-state polling, shift/caps filtering, window tracking, and stealth tricks, plus why I eventually abandoned it for Python.
Read the post -
PenTesting 101: Setting up your lab
A 10-minute walkthrough for building your own hacking lab — VirtualBox, a Kali attacker VM, a Kioptrix victim VM, and an internal network — read as a git-graph: each step collapses as you scroll past it.
Read the post
