Hacking, Coding and Gaming | @[email protected]

I gave a talk at 0xcon and BSides Cape Town (with my friend Dale) on Hacking and Weaponizing the NES Classic Mini. Slides are available here. Along with looking at the popular "Hakchi" mod and ways it can be used to add Wi-Fi functionality to the NES Classic Mini, we also discussed how to add custom binaries and hack the (emulated) NES games using "bash" and "dd" provided by "busybox" on the device.

I recently wrote my thoughts on the OSCP certification, prior to writing my exam, which might be worth reading before this post. A couple of days later I wrote the exam - and passed! This post will start with the exam and then have some more thoughts on the OSCP course. The exam itself was a lot harder than I was expecting... I had started the course with 60 days of lab time, intending to write (and fail) the first exam, and then take another 30 days of lab time and write again.

I thought I'd share my thoughts and experience of Offensive Security's OSCP course/certification, prior to writing my exam to avoid the results tainting my thoughts. I didn't know what to expect from the course work or exam and was worried I'd be very much "on my own" - I'd read too many times you "need to be able to Google" but often the challenge is knowing what to Google. Luckily there are forums available which, although they're often censored to remove spoilers, are usually able to give you a pretty good nudge in the right direction if you get stuck.

While people have created AWS Lambda based scanners, such as AWS-SCAN and Better-AWS-SCAN which make use of "python-nmap", I wanted to see if I could get the "real" Nmap running in AWS Lambda having recently created a Slack bot that runs PhantomJS in Lambda. DISCLAIMER: Please ensure you've read https://aws.amazon.com/security/penetration-testing/ and have all the permissions necessary if you're going to perform any of the below. Your country of residence might also have laws about port/automated scanning which might make the following steps illegal.

Recently I wanted to automate some manual checks I was having to perform on client sites, and make these checks accessible to other colleagues - the solution I settled on was using a Slack bot to trigger an AWS Lambda function that runs PhantomJS to perform the checks. Here's a quick crash course on how to set it up (you'll need some AWS knowledge or do some Googling). I've created a sample code base available at https://github.

Today at BSides Cape Town 2017 I gave a talk titled "Docker for Hackers" - a quick overview of what Docker is, how to use it, and how to attack various aspects of it. The slides for my talk are here. I also got to help @dale_nunns, who wrote the firmware for our electronic badges which is a BASIC interpreter, with some ".bas" files for attendees to discover as well as the badge default LED animation.