A Web Log of Thoughts, Ideas, and Nonsense related to Technical Topics

Exploiting JMX to Achieve Administrative Control

Posted in Cyber-Security, Tech, Tutorials on Nov 22, 2021

This post outlines the steps taken to exploit the sandboxed, non-admin JMX feature to gain elevated unrestricted access to a Windows system running Server 2008 R2. This is a second-stage attack using a previously-compromised Linux box as a pivot point within the target network.

Security Breaches Don't Have To Be Disasters

Posted in Cyber-Security, Tech on Mar 12, 2021

We have to craft systems that expect a breach but mitigate the results. This is the concept of defense-in-depth and zero trust taken to their extremes—systems will be compromised, so how do we prevent that from mattering? As Dr. Older says, it's "the interaction between hazard and human settlement or activity that creates a catastrophe." The humanity within data is the most-important cost we should assess, so how do we limit the results of threat activity toward our fellow humans?

A Brief Hello

Posted in General on Aug 30, 2020

A quick hello to say, well, hello, to the site.