Hi. I'm Carter.

I'm a student of life and an engineer.


    Migration from G Suite legacy free edition

    According to Google, “the G Suite legacy free edition will no longer be available starting May 1, 2022.” Therefore, I shut down my account and documented the process for you. Read this post for guidance on how to do the same.

    There were multiple aspects to migrating away from G Suite legacy free edition. These included:

    - Getting a copy of all my data
    - Migrating over to a new email provider
    - Preparing Google Drive shared files/folders
    - Shutting down the G Suite account
    - Signing up for regular Google accounts
    - Locking down the new Google accounts

    Preface

    I’m only covering things I had to do.

    Cloud Gaming Rig

    Overview

    My gaming rig died. Gaming rigs can be expensive ($1000-$4000 on average, depending on how much you’re willing to spend). So I spun up a GPU instance on AWS to test how Doom 2016 played as a proof of concept. After the first 5-10 minutes of letting the hard drive warm up, it was buttery smooth. This led me to investigate the overall costs of using AWS for my PC gaming rather than buying a new rig.

    Lessons Learned While Making a Cryptocurrency Trading Bot

    overview

    This post goes into my journey of making a cryptocurrency trading bot on AWS. The core code for this project is not and will not be published, but I do share lots of code on my GitHub account. Rather, this post details my approach, the roadblocks I hit, and the things I learned.

    table of contents

    This is a long post. Here are some links to its sections:

    - ruthless prioritization
    - keep it lean
    - how to bleed money
    - profiling saves money
    - code analysis
    - unit tests
    - “good enough” has its limits
    - go interfaces
    - insert breakpoint
    - conclusion
    - appendix
      - blocking in go
      - error handling
      - signalr

    ruthless prioritization

    Over the years, I’ve taken on more projects than I can count.

    Private Git Server for Pentests

    I participate in bug bounties and pentests in my spare time. I save my code to a private git server that I host on AWS. This post describes the rationale and process I use for this.

    Problem

    When working with these programs, it is often part of the NDA to handle client data securely. This includes using encryption, no 3rd party hosting (Dropbox, Pastebin, etc.), no public disclosure, and similar reasonable requests.

    SQLi: WAF Bypass Techniques

    During a recent pentest, I encountered a WAF (CloudFlare in this case). I learned some interesting things about how to go about bypassing various filters.

    Identifying What is Blocked

    Find an SQL injection. Use as simple of a test case as you can such that the WAF does not block your request. Use that as a base request for sqlmap (see documentation here). Proxy all sqlmap traffic through your proxy of choice (I like Burp).

    MozJPEG Fuzzing

    This blog post details the steps I took to set up AFL fuzzer to target MozJPEG. I did this using the base image that was set up in the post on fuzzing XPDF. This post is written to document how to fuzz something like an image parser.

    Install prerequisites

    These are required in addition to anything inherited from the previous blog post.

        sudo apt-get install nasm autoreconf libtool

    Prepare MozJPEG

        cd ~/Downloads
        wget "https://github.

    XPDF Fuzzing

    This blog post explores my first experience with AFL (american fuzzy lop). I targeted Xpdf, a PDF viewer for Linux distributions. This post is mostly designed to document my trial and error approach to optimizing the fuzzing process of Xpdf by using various AFL tools.

    setup

    operating system

    All of this was performed on a standard Ubuntu 14.04 build. No updates were installed. This was because I wanted a more vulnerable setup, so that I could have a higher likelihood of success with AFL.

    Halo Hacking

    This blog post will demonstrate how to go about reverse engineering structures and functions of interest in a binary. Once this has been accomplished, I will show how to modify the program at runtime to alter the program flow in our favor.

    overview

    For our example, we will be using Microsoft’s Halo for the PC, using build number 01.00.00.0564. Because this is a first person shooter, classic examples of functions of interest would be the ammo counter, health counter, etc.

    CVE-2014-0301 Analysis

    This blog post will demonstrate how to trigger a vulnerability using only the public information provided by the vendor during a security patch release cycle. For this analysis, I will be using CVE-2014-0301, which was patched in MS14-013.

    casing the target

    First, I gathered as much information about the target vulnerability as possible. By simply looking at the bulletin, it can quickly be seen which files were patched. For Windows 7 (32-bit), the new file information includes qedit.

    DarunGrim with Symbols

    DarunGrim is a patch diffing utility written by Matt Oh. It uses IDA Pro and a few open source Python libraries to perform patch diffs. At the time of this writing, DarunGrim 3.12 Beta is the most recent release. It can be obtained from GitHub. If that link goes down, you can get it from this mirror. This page tells you which prerequisites are needed, where to get them, and how to install them.
