[ Guides & Tutorials ]

[ Network, Wireless & Pivoting ]

Guide on setting up a GPS capable Android for use with GPSd & Kismet, utilizing
Giskismet to create a KML file from NETXML exports to be viewed within google
maps/earth to see locations of detected wireless networks.
Paper explaining some SSH Gymnastics tricks and how to setup a tunnel with ssh's
-D option to setup a tunnel that is capable of bypassing filtering, ips/ids or a
firewall / appliance.
Master the power of netcat and become a true network ninja warrior, then hack
with your cat.
Quick paper write up explaining tcpdump basics and some of the advanced
features.

[ Web & Infrastructure Security ]

If you've set a strict Content-Security-Policy on a Cloudflare-fronted
site and watched Bot Fight Mode quietly break it, this guide is the
fix. Bot Fight Mode, JavaScript Detections, Super Bot Fight Mode, and
Managed Challenge all inject a per-request inline <script> with
unique __CF$cv$params tokens — which means SHA-256 hashes in
your CSP are useless (the body changes every request) and
'unsafe-inline' is the wrong escape hatch.

The clean answer is a ~30-line Cloudflare Worker that generates a fresh
128-bit nonce per request, splices 'nonce-<value>' into the
script-src directive of the response CSP header, and stamps the same
nonce onto every local inline <script> via HTMLRewriter. Cloudflare's
bot-protection injection layer (which runs downstream of the Worker)
reads the nonced CSP and applies the matching nonce to its own
injected scripts — so JSD's per-request bootstrap, the outer
IIFE, and the dynamically-created child scripts all carry a nonce
that CSP allows.

Includes: full Worker source, deploy steps, curl + DevTools
verification, six common pitfalls (per-request hash drift, edge cache,
multiple features sharing the JSD injector, ERR_NAME_NOT_RESOLVED red
herrings from tracker-blockers, <meta> nonces silently failing, JSON-LD
handling), and citations to Cloudflare's own docs.

Read the guide →
The final copy was printed in a featured article of Hakin9 (cover-art scan no longer available)
This paper covers some XSS/cross site scripting hacking techniques along with
filtering techniques to protect your servers against these types of attacks.

[ Pentesting & Privilege Escalation ]

Paper detailing the setup and configuration of a penetration testing lab.

This guide and lab is geared towards beginners, looking to test out
skills from an internal attackers perspective of a corporate
environment setting.

This guide use of the following open source projects:
VirtualBox, PfSense,
BackTrack, Metasploitable 2
and Kioptrix - Level 1

After setting up this LAB environment, you will have the ability
to exploit issues from the following categories:

1. Mis-configured Services and Applications
2. Backdoors planted into software
3. Unintentional Backdoors
4. Weak Passwords
5. Web Applications
6. Plus lots more..
Follow-up paper detailing a more advanced penetration testing lab.

This time the lab is geared towards people of a intermediate skill levels,
looking to test out skills from an external attackers perspective on a
corporate environment.

This lab will put you or your tools up against a basic stateful inspection
firewall, performing NAT for devices living behind.

As well as load balanced web servers protected by a WAF.

NOTE: This guide assumes you have already read and setup the basic
version of the penetration testing LAB.
Workstation security writeup — how a single client foothold cascades into
full domain compromise.
Classic Windows privesc trick exploiting unquoted service paths and the
Program.exe at the root of C:\.
Overview of password recovery and cracking techniques, including
time/memory trade-offs and rainbow tables.

[ Reverse Engineering & Malware ]

An old draft copy of an article I was writing up on analyzing malware. The final
copy was featured in the last printed Hakin9 edition.
Polymorphic Code Example — MASM — 06.2007
Quick intro to writing self modifying 'polymorphic' code using VirtualProtect
API and MASM.

[ Operations & Reference ]

Steps for reporting security incidents to the originator and to public security
organizations (CERT/SANS). Includes generic attack workflow, log isolation,
and sample report templates.
Reference list of commonly attacked ports, collected from honeynet data.
(Historical — no longer maintained.)
ASCII table in decimal and hex.
Published Articles — my Hakin9 features
Articles I wrote for Hakin9 — local copies where I host them,
publisher pages otherwise:

  — Raspberry Pi Hacking — Exploiting Software 08.2012
  — Honeypots — The Sitting Duck on the Network — Extra 02.2012
  — Penetration Testing LAB Setup GuideAnalyzing Malware and Malicious Content — publisher page
  — Best of Hakin9 2012-2014 — Top 48 — publisher page

Full local issue archive: Hakin9 03.2010 ·
Exploiting Software 07.2012 ·
Exploiting Software 08.2012 ·
Extra 02.2012

[ Game Servers ]

Step-by-step guide for installing a Left 4 Dead 2 dedicated server with
SourceMod and MetaMod:Source on a fresh Debian or Ubuntu VPS. Covers
LinuxGSM, Steam GSLT, the modern-kernel execstack fix (includes a Python
patch script for the offending .so files), MetaMod + SourceMod
install, admin setup, basic hardening, and the usual gotchas.

16 numbered sections. ~30-60 minutes start to finish including the ~10 GB
SteamCMD download. Once it's done, the
stats install guide picks up
where this one leaves off.

Read the guide → ·
Raw markdown
Step-by-step guide for self-hosting persistent L4D2 player stats with a
web UI. Combines Jackz's SourceMod plugin, MariaDB, an Astro web app,
and nginx with Let's Encrypt HTTPS — the same recipe powering
live stats at l4d2.magikh0e.pl.

15 numbered sections covering DB setup, 32-bit client library, plugin
compile-from-source (the precompiled binary is usually stale), Astro
build, systemd service, nginx reverse proxy, in-game URL wiring,
known gotchas, and hardening (ufw + fail2ban + unattended-upgrades).
~1-2 hours start to finish on Debian 12 / Ubuntu 22.04+.

Read the guide → ·
Raw markdown
Companion code drop for the install guides above — four small SourceMod
plugins that turn a default Left 4 Dead 2 dedicated server into a 24/7
community server. Drop-in, MIT-licensed, no config files required.

Full breakdown on the project page in
Code & Tools:

Read the pack →

[ See Also ]