Uncommon Treatises
The Presumptuous Commoner
(evolution of the prescomm avatar over the years)
In 2015, while my career in infosec was still very much nascent, I needed to come up with a pseudonym (a handle, in more ancient parlance) under which I could post my findings regarding the at-the-time newest version of the CryptoWall ransomware family. I fired up a random word generator, and the first two words generated were "Presumptuous" and "Commoner". I posted on the Bleeping Computer forums, interacted on the IRC server, and eventually grabbed a site on Blogger where I could host my projects, articles, write-ups, and random thoughts.
A natural consequence of starting a blog at the beginning of your career is that you will look back on it with some degree of embarrassment for how wrong or how obvious many of the things you posted turned out to be. This does not diminish the value of the exercise at the time, which taught you to communicate your thoughts, methodologies, conclusions, etc. in clear but engaging ways. However, it does mean that the value of those posts to an audience of readers is revealed to be low or non-existent.
As such, while migrating artifacts from my original blog to this website, I have made some editorial decisions on which content to keep and which content to purge. I generally feel like what I have kept is content that contains techniques and skills that are timeless, to whatever degree that is possible in this rapidly changing world. Most of the content kept will fall into either CTF-style challenge write-ups or analyses of real-world threats and incidents.
Articles
Throughout my career I have written multiple articles related to topics that I found interesting at the time, usually some incident or threat I had encountered in my professional or personal life that seemed interesting enough to investigate and document.
Post #2 (Or "MHN, Maltrieve, And A Malicious Internet.") - A brief article discussing my malware sample gathering setup with Modern Honey Network and Maltrieve.
Post #3 (Or "Bot, Begone! Let's Get Dirty With Some Cleanup.") - Part 1 - Part one of a two-post write-up covering the tracking down of a botnet infection and subsequent analysis of the infected host machine.
Post #4 (Or "Bot, Begone! Let's Get Dirty With Some Cleanup.") - Part 2 - Second part of a two-post botnet infection analysis write-up, this time focusing on memory dumps and traffic analysis on the infected host machine.
Post #7 (Or "Indomitable Occulite Chimera... That Isn't Right?") - Brief discussion of my response and write-up of a manual ransomware attack against a consumer-grade NAS device with exposed public ports, as well as the related IOCs I crafted and shared.
Post #9 (Or... "Perl, Java, DDoS... Oh, My!") - Technical analysis of a Perl/Java DDoS botnet infection.
Post #13 (Or... "All In All...") - A brief post announcing my contribution on BleepingComputer of the discovery of CryptoWall 4.0, along with some artifacts and discovery tools.
Post #14 (Or... "I've been EXPOSED!") - Very short write-up of an email I received blackmailing me after the Adult Friend Finder.
Post #15 (Or... "You're As ColdFusion As Ice!") - Decently long analysis of a ColdFusion breach on a victim server; first part of a two-part write-up.
Post #16 (Or... "ASPXSpy With My Little Eye") - Follow-up to the ColdFusion breach: analysis of the ASPX RAT that was installed once the attacker had established their foothold.
Post #18 (Or... "Ogres Have Layers, Obfuscation Has Layers...") - A quick but interesting post regarding a fairly mundane JavaScript sample with an interesting obfuscation technique.
Post #19 (Or... "Anyone Want A .JAR Of .DOCX?") - Lengthy review of Java-based malware that used a fake .docx document as a lure via phishing.
Post #20 (Or... "I'm back; Here's A Verizon SMiSh!") - Quick and humorous write-up analyzing a SMiShing message I received.
CTF Writeups
As my technical skills began to grow, so did my interest in penetration testing and proactive security measures. I spent a few years competitively playing HackTheBox as part of a group with whom I no longer wish to associate due to a major difference in social ethics. When I left that group, I migrated my CTF write-ups with me to my blog, and now I am bringing them over here once again. I also eventually started taking part in OSINT challenges as a part of several wonderful groups who are, sadly, no longer around.
Post #21 - HackTheBox Write-Up: Access - OS: Windows, Difficulty: Easy - A fairly straightforward box involving FTP directories and Access database files.
Post #22 - HackTheBox Write-Up: Curling - OS: Linux, Difficulty: Easy - Mostly uncomplicated box that uses unsanitized uploads, a bit of decoding, and abusing scheduled commands running as root to inject our own code.
Post #23 - HackTheBox Write-Up: Irked - OS: Linux, Difficulty: Easy - An easy Linux box with an obvious initial IRC foothold, a bit of steganography, and a root flag easily obtained by a hardcoded filepath in an executable.