Oct 10, 2022 - 6 min read
Keiran.SCOT
-
Evasion Techniques — Hiding your process from `ps`
Everything in Linux is a file, and that even goes for your process information, which lives inside the /proc directory on your filesystem. Today we will use and abuse this knowledge to hide a target process from the ps command in Linux and, in essence, other Unix-based systems. But first… How does the ps command work? As mentioned previously, everything in Linux is a file, including the process tree in /proc.
Oct 10, 2022 - 6 min read -
Exploiting XXE Vulnerabilities
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access, and in the case of PHP can lead to Command Execution.
Feb 6, 2022 - 3 min read -
Migrating away from medium
Today I took the step to migrate away from the Medium platform and revert back to a Hugo and AWS setup. Over the past few years I have been blogging (fairly infrequently) on the platform and was mainly attracted to getting paid per post behind their paywall. However, more recently I’ve come to realise I don’t really write content to get paid $3.99 per month (max I’ve been paid is $50 for an article, then it drops to pennies).
Feb 6, 2022 - 2 min read -
Executing Windows Shellcode in Golang
There are a plethora of reasons why you may want a custom-written shellcode runner, whether that be to avoid detection or to aid in portability. There are also a plethora of ways and languages to write one in, from C all the way down to PowerShell. Today I’m going to show you how to use native Golang functions to use the Windows API to execute a Meterpreter shell.
Jul 4, 2021 - 5 min read -
Sniffing Creds with Go, A Journey with libpcap
In the good ol’ days, to write a credential sniffer you had to spend a lot of time learning C and libpcap. This was extremely time consuming and no one really wants to go through that. So today we have GoLang, the statically typed language from Google, and specifically the gopacket library from Google. Gopacket is a library that introduces packet filtering and capturing to Go. It comes with C bindings for libpcap, C bindings for pfring, afpacket C bindings and tcpassembly.
Nov 30, 2020 - 6 min read -
Privilege escalation with Docker
Today we are going to learn how to elevate our privileges in a Linux system using Docker. Docker: What is Docker? Docker is a set of platform as a service products that uses OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels. How does Docker lead to privesc? When an admin allows an unprivileged user access to the ‘docker’ group, it allows us to make use of the docker CLI to create containers.
Jul 5, 2020 - 4 min read -
XML To JSON in Golang Demystified
There comes a point in every developer’s life where XML data is painfully unavoidable to work with. RSS feeds try to make this easier, but everyone prefers good ol’ JSON, unless you are a sadist. In Golang we can attack this in a number of ways, like using an XML to JSON library, but why not use the Go standard libraries and save some vendoring issues? Building our own XML to JSON function: I was recently working on something that required a Medium RSS feed published to a website, and thought why not use a GoLang function running on OpenFaaS to accomplish this.
Jan 22, 2020 - 6 min read -
Building a ToDo API with Golang and Kubernetes! – Part 3 – Building and Deploying our Application
In [Part 1][1] and [Part 2][2] we built a functional API using Golang and MongoDB, although as it stands it’s insecure. We can add password protection using Basic Auth while deploying ([See here][3]). In this tutorial we will build a very tiny Docker container and deploy it to our Kubernetes cluster. For the purposes of this tutorial I won’t be showing you how to set up a Kubernetes cluster; however, you can do it easily with [Terraform][4] and [DigitalOcean][5].
Apr 21, 2018 - 3 min read -
Building a ToDo API with Golang and Kubernetes! – Part 2 – CRUD
Hi and welcome to Part 2 of Building a ToDo API with Golang and Kubernetes! In Part 1 we learned what we were going to build and how to use mux to route an HTTP request to a handler function. In this part we will learn how to build our endpoints for CRUD (Create, Read, Update, Delete) operations, and how to use MongoDB to store our ToDo items. Key learning points: handling HTTP methods with mux; how to use variables in your route path with mux; using mgo to manipulate data in MongoDB. MongoDB: MongoDB is a free and open-source cross-platform document-oriented database program.
Mar 4, 2018 - 8 min read -
Building a ToDo API with Golang and Kubernetes! – Part 1 – Introduction
Hi folks, welcome to another tutorial series on building cloud native applications. In this series you will learn how to use golang and MongoDB (mgo) to build a cloud native API microservice using golang and deploying it to a Kubernetes cluster with your own Helm chart! Prerequisites: a golang installation; Docker CE installed on your local system; a Kubernetes cluster (I am using Google Kubernetes Engine ($300 free trial); alternatively set up minikube); Helm (to save time run ‘helm init’ to set up Helm on your cluster); a basic understanding of Go; a Docker Hub account; a GitHub account. What will you learn?
Mar 2, 2018 - 4 min read