The earliest memory I have of ‘programming’ is in the early/mid 90s when my father brought home a computer from work. We could play games on it … so of course I took the spreadsheet program he used (LOTUS 123, did I date myself with that?) and tried to modify it to print out a helpful message for him. It … halfway worked? At least I could undo it so he could get back to work…

After that, I picked up programming for real in QBASIC (I still have a few of those programs lying around), got my own (junky) Linux desktop from my cousin, tried to learn VBasic (without a Windows machine), and eventually made it to high school… In college, I studied computer science and mathematics, mostly programming in Java/.NET, although with a bit of everything in the mix. A few of my oldest programming posts on this blog are from that time.

After that, on to grad school! Originally, I was going to study computational linguistics, but that fell through. Then programming languages (the school’s specialty). And finally I ended up studying censorship and computer security. That’s about where I am today!

But really, I still have a habit of doing a little bit of everything. Whatever seems interesting at the time!

Rebuilding Streams with TShark

2023-11-14

Another quick post in a list of CTF techniques: filtering streams with tshark. tshark is the command line half of the packet capture tool Wireshark. The advantage here is it let’s you do all manner of filtering on the command line.

SQLite Metadata via SQL Injection

2023-11-09

As mentioned in my previous post, I recently participated in a security CTF exercise and wanted to write out a few interesting techniques.

This is the second: extracting SQL metadata from a SQLite database.

Mongo DB Data Exfiltration via Search Conditions

2023-11-07

I recently participated in a security capture the flag (CTF) exercise through work. The goal was–in a wide variety of ways–to find a hidden string of the form flag{...} somewhere in the problem. Some required exploiting sample websites, some parsing various data formats or captures, some required reverse engineering code or binaries, and (new this year) some required messing with LLMs.

As I tend to do for just about everything, I ended up writing up my own experiences. I won’t share that, since it’s fairly tuned to the specific problems and thus 1) not interesting and 2) probably not mine to share, but I did want want to share a few interesting techniques I found/used. If it helps anyone either defend against similar attacks in the real world or (more importantly 😄) someone comes across this while trying to solve a CTF of their own, all the better.

Okay, first technique: extracting data from a MongoDB database using search conditions.

Adding local search to Hugo with Pagefind

2023-09-25

At this point, I have very nearly 2500 posts going back almost 20 years (… whoa). In a lot of ways, it’s a second brain for me. I actually find myself (from time to time) going back and looking up my various old posts.

Sometimes, I wanted to know how I solved a particular programming problem, sometimes I wanted to know when I went somewhere (by pictures!), and sometimes I wanted to know what a particular book or movie was about.

So for the longest time, I’ve had (up in the corner there) a nice search box. Powered by Google: ~~Don’t Be Evil~~. Well, today, let’s see if we can do better!

Crosslinks by Title in Hugo--But Better!

2023-08-21

Once upon a time, I solved Crosslinks by Title in Hugo. Back then, I added a shortcode so that I could link to any post by title like this:

{{< crosslink "Title goes here" >}}

It worked pretty well, but … it never really felt ‘Markdown’y. Which I suppose was the point.

But more recently, I came across Markdown render hooks.

What’s that you say? I can write code that will take the parameters to any Markdown link (or image/heading/codeblock) and generate the HTML with a custom template?

Interesting!

StackLang Part IX: Better Testing

2023-08-12

Two posts in two days? Madness! Posts in StackLang: StackLang Part I: The Idea StackLang Part II: The Lexer StackLang Part III: The Parser StackLang Part IV: An Interpreter StackLang Part V: Compiling to C StackLang Part VI: Some Examples StackLang Part VII: New CLI and Datatypes StackLang Part VIII: Compiler Stacks StackLang Part IX: Better Testing But really, it got a bit late yesterday so I figured I’d split this into two different posts.

StackLang Part VIII: Compiler Stacks

2023-08-11

Let’s continue StackLang Part VII: New CLI and Datatypes and implement lists stacks in the compiler! Posts in StackLang: StackLang Part I: The Idea StackLang Part II: The Lexer StackLang Part III: The Parser StackLang Part IV: An Interpreter StackLang Part V: Compiling to C StackLang Part VI: Some Examples StackLang Part VII: New CLI and Datatypes StackLang Part VIII: Compiler Stacks StackLang Part IX: Better Testing In this post:

StackLang Part VII: New CLI and Datatypes

2023-08-05

Another day, another Stacklang! Posts in StackLang: StackLang Part I: The Idea StackLang Part II: The Lexer StackLang Part III: The Parser StackLang Part IV: An Interpreter StackLang Part V: Compiling to C StackLang Part VI: Some Examples StackLang Part VII: New CLI and Datatypes StackLang Part VIII: Compiler Stacks StackLang Part IX: Better Testing Today, we’ve got two main parts to work on: A new CLI New datatypes (VM only; so far!

StackLang Part VI: Some Examples

2023-07-16

We’ve gone through all sorts of things building up the StackLang language so far: Posts in StackLang: StackLang Part I: The Idea StackLang Part II: The Lexer StackLang Part III: The Parser StackLang Part IV: An Interpreter StackLang Part V: Compiling to C StackLang Part VI: Some Examples StackLang Part VII: New CLI and Datatypes StackLang Part VIII: Compiler Stacks StackLang Part IX: Better Testing But what can we actually do with it?

StackLang Part V: Compiling to C

2023-07-12

It’s been a bit, but I hope it’s worth it. StackLang, part 5: compiling to C!