Installing Gallium OS + Pen-Testing tools on Stock Chromebook

A while back I picked up an Acer Chromebook 14 as an inexpensive laptop I could use around the house or lug along on trips without being overly paranoid I’d break it, lose it, or have it stolen.  I did initially look into installing Linux on it after having it a few months but firmware support was very sketchy with newer Braswell Chromebooks at the time so I put it on the back burner for a while.  I did toy around with using Crouton but performance was frustratingly bad and didn’t seem worth the bother to me. Continue reading “Installing Gallium OS + Pen-Testing tools on Stock Chromebook”

Using pfSense’s ACME Package to Generate Let’s Encrypt Certs (ver 2.3.4-RELEASE-p1)

Important note before proceeding:  Let’s Encrypt certificates are non-self-signed certificates and completely free, but do require that you own and be able to verify a domain name.

Similar to other pfSense packages start the installation by simply going to:

  • System: Package Manager: Available Packages

From there locate the “ACME” package and select install. Once installed then go to:

  • Services: ACME Certificates

Continue reading “Using pfSense’s ACME Package to Generate Let’s Encrypt Certs (ver 2.3.4-RELEASE-p1)”

5 Year Plan & Information Security Career Goals

This recent talk by John Strand got me thinking a lot about how I can more strategically put together a plan toward my own career goals.  I’m a SOC analyst now but would ultimately like to gain a good base of experience and skills required to either move on to more advanced blue team roles or become a pen-tester.  Even though some of the advice given in the talk is more focused on those that are completely new to security or are recent graduates the advice is still very pertinent to those of us already in the field.

Continue reading “5 Year Plan & Information Security Career Goals”

Obfuscating PowerShell Commands using Invoke-Obfuscation


Thanks to one of Dave Kennedy’s talks for making me aware of this tool for obfuscating PowerShell code.  As PowerShell is used more and more in attacks the higher the likelihood there is for defenders to attempt to detect malicious commands or look for specific strings.  To evade these detection techniques we can try to encode our commands to make them much harder to detect.

I’ll use the previous Bash Bunny Payload as an example with this tool.

Continue reading “Obfuscating PowerShell Commands using Invoke-Obfuscation”