linux

Setting up keepassxc with yubikey

I use keepassxc to store my passwords. Up until now for my setup I have been using Password + Keyfile as the database credentials, where keyfile has been mostly used as a salt rather than an actual secrets. I store a backup of this keyfile in various online accounts. Because of this I've never been entirely comfortable storing the passwords anywhere online, as it would only require cracking my password. Adding the yubikey secret to the credentials should add an offline factor that will be very difficult to compromise.

Read
sysadmin

Resetting HP M15w

Trying to find instructions on how to reset the M15w printer to set up a new wifi connection was annoying enough that I wrote it down.

Read
infosec

Claiming a microsoft shorturl for an easy phish

**tl;dr;** Microsoft has an internal use shorturl service at **go.microsoft.com** that can be enumerated for hijackable links. It might be useful for you as a red teamer if you want to phish windows users.

Read
infosec

Bitbucket CSRF on SSH Add Key Endpoint via superdomain cookie

In October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self hosted version). Since it has now been patched, here are the details.

Read
infosec

kms.nhp.gov.in rooted via syncthing

In May last year (2022) I found and disclosed a vulnerability on a subdomain of nhp.gov.in. Using an exposed syncthing admin interface, I was able to gain root SSH access to the server by syncing the `/root/.ssh` directory.

Read
programming

Quick way to scrape websites

In this post I want to show a quick way to scrape websites using the python package requests-html and firefox's developer tools.

Read
programming

Python Logging Cheatsheet

Cheatsheet of how to use python's built in logging

Read
infosec

Exfiltrating Past CSP Directives

An example of using Google Analytics to exfiltrate past CSP directives on HackerOne

Read
infosec

Revoking a PGP Key from MIT's Key Server

Instructions on how to revoke your public PGP key from MIT's Key Server.

Read
linux

Yubikey OpenPGP Setup for SSH and Commit Signing

Some disorganized notes on how I set up my yubikey for SSH auth and git commit signing.

Read