-
GonkWare v0.49
We’re back! We went AFK last month to dive into the chaos of Hacker Summer Camp in Las Vegas. Now we’ve returned recharged, inspired, and packed with fresh ideas for future projects. Between DEF CON, presenting at BSides LV, and those late-night conversations at the Circle Bar, it was a massive knowledge dump and a…
-
Out Of Office – BSides Buffalo
This month we’re pushing out June’s blog slightly early, as we are currently heading to Buffalo, New York for BSides. We are thrilled to have been accepted to share our talk: “A New Host Touches the Beacon” once again. We’ve updated the slides and cannot wait to show off our newest version of this incredibly…
-
V.I.T.A. (Variations In The Acronym!)
Introducing VITA! – “Vulnerability and Intrusion Threat Analyzer”! … or maybe…. “Virus Identification and Threat Assessment”….. “Verification of Intrusions, Threats, and Anomalies”? Since I cannot seem to settle on one, it’s probably best for you to just pick the one you like best. Throughout one’s pentesting / malware development or analysis journey, one will typically…
-
Conjuring Reverse Tunnels with Ligolo
During this OSCP journey I’ve embarked on in the past few months, the topic of tunneling and pivoting was covered. One night I got frustrated using SOCKS and all of those things, so I went to the OSCP Discord channel, where Ligolo came up as a recommended tool for tunneling. I asked Aromak if he…
-
A walk on the blue side: Part 3
In my previous blog, I showed off how I was able to get Wazuh up and running on an Ubuntu VM, 4 agents installed on 4 separate Raspberry Pis, and 1 agent on a Windows 10 VM. I dove into configurations and testing to understand the beginning fundamentals of Wazuh SIEM. The goal of this…
-
OOO – BSides / DefCon
Here we are, August 2024. Exactly 1 year past the creation of Hexxed BitHeadz. Back on our way to BSides and DefCon Las Vegas, same as we’ve done every year for several years now. Well… Not quite the same… Assembling these articles every month has proven to keep us open-minded and deeply involved in…
-
A walk on the blue side: Part 2
Welcome BACK to my Blue Side adventures. For several years now, I have practiced setting up home lab environments for the sake of practicing penetration testing and red team methodologies. I bet I still have quite a collection of VulnHubs on a drive somewhere around here. But something that has been missing is getting a…
-
Visible Ink, Invisible Bias
The tattoo represents not only a willingness to accept pain – to endure it – but a need to actively embrace it. Because life is painful – beautiful but painful. I’ve always found tattoos interesting. However, my drawing skills are limited to uneven heart shapes, weird trees, and something that may or may not be…
-
A walk on the blue side: Part 1
Sun Tzu, the renowned strategist, once said “Know your enemy and know yourself and you can fight a hundred battles without disaster.” So how can a Red Team operator be as cool and knowledgeable as Sun Tzu? How can a Red Team operator “Know the enemy”? In this context I do refer to the Blue Team side…
-
Ctrl + Alt + LOL: AI Junior Pentester Edition
Artificial Intelligence! What a time to be alive! Students use it to attempt cheating, workers are using AI to train AI, lawyers use it in court, CEOs use it to generate articles, inexperienced web developers use it to fix website components 🥴, etc. It’s probably easy to say at this point, a lot of us have found…
-
Test drive the Pis with The Boyz
Late September… We bought 4 Raspberry Pi 4’s, and then 3 days later, the Raspberry Pi 5 was announced…. After getting over my “UGGGHHHH” emotions, I realized that I was extremely lucky that I could easily return the 4’s, preorder the 5’s, and simply wait a bit longer for the new models. It seems to…
-
Unraveling the cryptographic thread of HMAC
As a Systems Security Engineer, I spend most of my work hours diving into architecture diagrams, analyzing data flows, and conducting risk and adversarial assessments to protect systems against cyber threats (gotta 💜 being a purple teamer!). One way to protect our systems and ensure data integrity is through the implementation of Hash-based Message Authentication…