Author's posts

Jan 25


Week 3 – Enumeration and Cracking

Week 3 is done and it was the best yet! In this course, I have a feeling that every week will be better than the one before it. I studied for 10 hours after work and on the weekend and still managed to do a little painting! In my original …


Jan 20

Becoming an Ethical Hacker – Week 2

Week 2 – Scanning, Enumeration, and Back to Basics

The second week in my quest to become an ethical hacker is complete! With 11 hours of study time logged, this was a very productive week that touched a lot of different areas. If you’re not sure why I’m posting this, take a look back at …


Jan 09

Becoming an Ethical Hacker – Week 1

Week 1 – Google Hacking and Port Scanning

My first week of ethical hacking is done and it was a great week! I spent 9 hours working on scanning and reconnaissance. As I mentioned in my post, Investing a Year in Ethical Hacking, my goal is to spend 416 hours learning ethical hacking this year. Current …


Jan 01

A Year of Ethical Hacking – Day 1

Becoming a Certified Ethical Hacker, Day 1

OK…I cheated. I started early on CEH by reading a little and skimming some videos, but my 416-hour goal stands. Current progress: 0 of 416 hours. What should I do first? Every goal has to start with a plan, right? I explained in my first post of this …


Dec 23

Certified Ethical Hacker (CEH) Preparation Toolkit

The Tools You Need to Learn Ethical Hacking and Get CEH Certified

This is post number two in my quest to become a Certified Ethical Hacker. In my last post, I talked about why I am Investing a Year in Ethical Hacking. Now, I’m going to share the resources I plan to use over the …


Dec 19

Investing a Year in Ethical Hacking

Why the CEH is worth it and why it will take a full year to earn it.

Aug 16

Patch Remediation With PowerShell – Part 1

There are a lot of security topics that are absolutely fascinating, but patch management is not one of them. Even more horrific is patch management remediation. Deploying patches isn’t so bad, but getting that last 10% out of your compliance efforts is just a never-ending brutal slog through the mud. I wrote a quick …


Aug 14

Password Spray with PowerShell

Find user accounts with weak passwords without getting ntds.dit, admin rights, account lockouts, or logging any events. With basic domain access and PowerShell, this script uses a password spray technique to test one password at a time against all active user accounts in the domain. More traditional brute force password guessing might try as many password …


Jun 23

Training Users to Fail

My account password for LinkedIn was leaked as part of the 2012 breach. I use the same user name on Pandora and, if my password was the same on both sites, this would have left me exposed to password reuse attacks. I received an email from Pandora Radio today and I think it is great …


Mar 30

File Screens Defeat Ransomware – Part 3

File screens have successfully stopped Locky. I ran a curious file today that gave me the picture above…but my file server is just fine. For a test, I created multiple file shares. One share did not have a screen enabled. The other share had the screen configured as detailed in my previous two posts. Use …
