[ Guides & Tutorials ]
[ Network, Wireless & Pivoting |
Web & Infrastructure |
Pentesting & Privesc |
Reverse Engineering & Malware |
Operations & Reference |
Game Servers ]
[ Network, Wireless & Pivoting ]
Kismet and Android GPS Tethering — 03.2015
Guide on setting up a GPS capable Android for use with GPSd & Kismet, utilizing Giskismet to create a KML file from NETXML exports to be viewed within google maps/earth to see locations of detected wireless networks.
Tunneling with SSH & Proxychains — 02.2012
Paper explaining some SSH Gymnastics tricks and how to setup a tunnel with ssh's -D option to setup a tunnel that is capable of bypassing filtering, ips/ids or a firewall / appliance.
Hacking with your cat — 12.2006
Master the power of netcat and become a true network ninja warrior, then hack with your cat.
TCPDump Explained — 2005
Quick paper write up explaining tcpdump basics and some of the advanced features.
[ Web & Infrastructure Security ]
Cloudflare + strict CSP — making them coexist — 05.17.2026
If you've set a strict Content-Security-Policy on a Cloudflare-fronted site and watched Bot Fight Mode quietly break it, this guide is the fix. Bot Fight Mode, JavaScript Detections, Super Bot Fight Mode, and Managed Challenge all inject a per-request inline <script> with unique__CF$cv$paramstokens — which means SHA-256 hashes in your CSP are useless (the body changes every request) and'unsafe-inline'is the wrong escape hatch. The clean answer is a ~30-line Cloudflare Worker that generates a fresh 128-bit nonce per request, splices'nonce-<value>'into the script-src directive of the response CSP header, and stamps the same nonce onto every local inline <script> via HTMLRewriter. Cloudflare's bot-protection injection layer (which runs downstream of the Worker) reads the nonced CSP and applies the matching nonce to its own injected scripts — so JSD's per-request bootstrap, the outer IIFE, and the dynamically-created child scripts all carry a nonce that CSP allows. Includes: full Worker source, deploy steps, curl + DevTools verification, six common pitfalls (per-request hash drift, edge cache, multiple features sharing the JSD injector, ERR_NAME_NOT_RESOLVED red herrings from tracker-blockers, <meta> nonces silently failing, JSON-LD handling), and citations to Cloudflare's own docs. Read the guide →
The final copy was printed in a featured article of Hakin9 (cover-art scan no longer available)
Cross Site Scripting 'XSS' Hacking — 02.2006
This paper covers some XSS/cross site scripting hacking techniques along with filtering techniques to protect your servers against these types of attacks.
[ Pentesting & Privilege Escalation ]
Paper detailing the setup and configuration of a penetration testing lab. This guide and lab is geared towards beginners, looking to test out skills from an internal attackers perspective of a corporate environment setting. This guide use of the following open source projects: VirtualBox, PfSense, BackTrack, Metasploitable 2 and Kioptrix - Level 1 After setting up this LAB environment, you will have the ability to exploit issues from the following categories: 1. Mis-configured Services and Applications 2. Backdoors planted into software 3. Unintentional Backdoors 4. Weak Passwords 5. Web Applications 6. Plus lots more..
Follow-up paper detailing a more advanced penetration testing lab. This time the lab is geared towards people of a intermediate skill levels, looking to test out skills from an external attackers perspective on a corporate environment. This lab will put you or your tools up against a basic stateful inspection firewall, performing NAT for devices living behind. As well as load balanced web servers protected by a WAF. NOTE: This guide assumes you have already read and setup the basic version of the penetration testing LAB.
Workstation security writeup — how a single client foothold cascades into full domain compromise.
Classic Windows privesc trick exploiting unquoted service paths and theProgram.exeat the root ofC:\.
Overview of password recovery and cracking techniques, including time/memory trade-offs and rainbow tables.
[ Reverse Engineering & Malware ]
Analyzing Malware and Malicious Content — 04.2009
An old draft copy of an article I was writing up on analyzing malware. The final copy was featured in the last printed Hakin9 edition.
Polymorphic Code Example — MASM — 06.2007
Quick intro to writing self modifying 'polymorphic' code using VirtualProtect API and MASM.
[ Operations & Reference ]
Security Incident Reporting — 2005
Steps for reporting security incidents to the originator and to public security organizations (CERT/SANS). Includes generic attack workflow, log isolation, and sample report templates.
Common Attacked Ports — 2004
Reference list of commonly attacked ports, collected from honeynet data. (Historical — no longer maintained.)
ASCII table in decimal and hex.
Published Articles — my Hakin9 features
Articles I wrote for Hakin9 — local copies where I host them, publisher pages otherwise: — Raspberry Pi Hacking — Exploiting Software 08.2012 — Honeypots — The Sitting Duck on the Network — Extra 02.2012 — Penetration Testing LAB Setup Guide — Analyzing Malware and Malicious Content — publisher page — Best of Hakin9 2012-2014 — Top 48 — publisher page Full local issue archive: Hakin9 03.2010 · Exploiting Software 07.2012 · Exploiting Software 08.2012 · Extra 02.2012
[ Game Servers ]
L4D2 Server — Install Guide — 05.2026
Step-by-step guide for installing a Left 4 Dead 2 dedicated server with SourceMod and MetaMod:Source on a fresh Debian or Ubuntu VPS. Covers LinuxGSM, Steam GSLT, the modern-kernel execstack fix (includes a Python patch script for the offending .so files), MetaMod + SourceMod install, admin setup, basic hardening, and the usual gotchas. 16 numbered sections. ~30-60 minutes start to finish including the ~10 GB SteamCMD download. Once it's done, the stats install guide picks up where this one leaves off. Read the guide → · Raw markdown
L4D2 Stats — Install Guide — 05.2026
Step-by-step guide for self-hosting persistent L4D2 player stats with a web UI. Combines Jackz's SourceMod plugin, MariaDB, an Astro web app, and nginx with Let's Encrypt HTTPS — the same recipe powering live stats at l4d2.magikh0e.pl. 15 numbered sections covering DB setup, 32-bit client library, plugin compile-from-source (the precompiled binary is usually stale), Astro build, systemd service, nginx reverse proxy, in-game URL wiring, known gotchas, and hardening (ufw + fail2ban + unattended-upgrades). ~1-2 hours start to finish on Debian 12 / Ubuntu 22.04+. Read the guide → · Raw markdown
Companion code drop for the install guides above — four small SourceMod plugins that turn a default Left 4 Dead 2 dedicated server into a 24/7 community server. Drop-in, MIT-licensed, no config files required. Full breakdown on the project page in Code & Tools: Read the pack →
