Skip to main content


CompTIA Pentest+: A Retrospec.

CompTIA Pentest+: A RetrospectiveI get asked by students often enough what certifications they should be aiming at. Usually, it's a few freshmen that heard that the OSCP was industry standard for penetration testing and have now set their every so green sights upon that. It's always an interesting conversation correcting that piece of misinformation. There's also an occasional couple of soon to be graduating seniors who would like to bolster their resume with a cert. There are also the students who heard that the CEH was the way to go if you want to become a "real hacker". Bleh. I think this is where the Pentest+ comes in.
Recently, I sat for and passed the CompTIA Pentest+. This will be the certification that I now recommend to my students....along with the Security+ of course. While the argument can be made that this certification is not comprehensive enough with it being completely theoretical and not at all practical there's still value to be found in it.…
Recent posts

Android 10/Q and WiFi Scan De-Throttling

Android 10/Q and WiFi Scan De-Throttling Some simple instructions on how to enable WiFi scan de-throttling in Android 10/Q. The phone in the following example was a Google Pixel running Android 10/Q. Open the Settings appScroll to the bottom and select About phone.Scroll to the bottom and tap Build Number 7 times.Return to the previous screen (Settings) to find System near the bottom.

Under System is Advanced Options

Scroll to the bottom and select Developer Options

Under Networking is the setting for Wi-Fi scan throttling

Untoggle the previous option and WiFi scanning should be de-throttled...Happy WiGLE'ing!

Biohacking: Upgrading People

Biohacking: Upgrading People Last summer I was lucky enough to get one c00p3r's last chips installs before the end of DEFCON. This past weekend I spent over 20+ hours answering questions about biohacking, watching implant installs, and explaining the use cases for each type of chip. At this point, you could say that I rep the colors of the biohacking community. I wanted to create a short list of some of the questions I received, recommendations I gave, use cases, and thoughts I had.
FAQWhat about the mark of the beast? I actually only received this question once during the course of the weekend. It sparked some interesting conversation though. Looking at the specific scripture we find the following...

And he causes all, the small and the great, and the rich and the poor, and the free men and the slaves, to be given a mark on their right hand or on their forehead, 17  and he provides that no one will be able to buy or to sell, except the one who has the mark, either the name of the b…

Social Engineering or: How I Learned to Love a Flash Sale

Social Engineering or: How I Learned to Love a Flash Sale

Disclaimer: This was originally written as a blog post for a social engineering graduate class. It was developed to provide non-InfoSec and everyday folks with an explanation of what social engineering is. Hopefully, something that could be given to your parents or the grandmother that just got hired on at your company.

There's a misconception that social engineering is only used by nation-state actors, thieves, and used car salespeople. What people miss is that social engineering is all around us. It's in the media that we consume, it's in the habits that we have, and the bonds we form with people. By demystifying social engineering, we can help people understand that this isn't some fringe concept that is only employed by the mischievous and maleficent, but something that is used by everyone. It's easier to guard yourself against the everyday spring rain shower than it is a nuclear holocaust.


Each o…

Pay vs Passion: Redux

GrrCON 2018 has come and passed. It's been an interesting year since the last one with a whole lot happening since then. Let's look at some of it...

Accepted to grad schoolAgainst all of my own beliefs, I got accepted to graduate school. This semester includes a class in social engineer, IoT, and finally homeland security. It's been a wild semester so far. I've had the chance to work on some great projects and learn some really interesting concepts. I won't say it's all been great. It's been incredibly busy! I'm working part-time, TA'ing, and going to school full time. Hard to find time for much more in all honesty. Not every day does it feel like it's worth it, but looking at the semester so far it has been.Ran a teen hacking program at the local public libraryThis was pretty awesome honestly. I happened to mention to a friend that I was thinking about doing a teen program to get kids into hacking. She just happened to work at the public libr…

Pay vs Passion: The Price of Risk

A little under a year ago I was sitting at GrrCON trying to decipher why I wasn’t enjoying myself. I didn’t want to go to the villages; I didn’t want to mingle, and I definitely didn’t want to listen to talks. It’s an understatement to say that I was weighed down by some anxiety, apprehension, and fear. The weekend eventually culminated in me having a panic attack in the parking lot. While crawling into the shower — hungover of course — the next morning I came to the realization that I was unhappy with where I was headed. I couldn’t enjoy the conference, because I was thinking about everything that laid in front of me after the conference.

 Flashback six months earlier and I was contemplating what I would do once I graduated from University. I was about to graduate with a BS in Network Engineering. A job offer was on the table at a respected managed service provider in Chicago. The pay was great, the benefits were outstanding, and it would be a move to the big city! A newfound interes…