Would you just look at that sunrise? Magnificent.

Oh, right! Welcome! You’ve found my Notes!

I’m a cybersecurity researcher, red teamer, and ethical hacker. You might know me as the creator and instructor of Practical Malware Analysis & Triage on TCM Security Academy. Or as one of the lead developers of OffensiveNotion. Or as Infosec Twitter’s impish but good natured little brother.

Or maybe you don’t know me. In that case, it’s great to meet you!

What is this site?

This is my personal note archive. It’s somewhere between a blog and a running list of notes, projects, and scattered thoughts. It’s much more focused on process and notetaking when compared to my main blog over at huskyhacks.dev. It’s built with Notion and allows me to rapidly iterate on ideas, document projects, and write on my methodology and experiments.

This note repo is a portal into how I view the world as a practitioner. It represents the process rather than the end result.

More substance, less style.

Read on for my notes and blog posts!

🎤 Speaking & Business Inquiries

huskyhacks.mk[at]gmail[dot]com

(subj: [Speaking] or [Business])

🌐 Where You Can Find Me

🐦 Twitter | 📡 Main Blog | 👽 GitHub | 📺 YouTube

📒Recent Notes

8/30/22 🥋Content Creators, I Will Teach You Cyber Jiu-Jitsu

8/12/22 🛡️The Responsible Red Teamer’s Manifesto

7/30/22 🌉On Patching Binaries

7/16/22 🦟MS-Interloper: On the Subject of Malicious MSIs

4/22/22 👁️‍🗨️Failing All The Way To Token Manipulation, Part 1

4/16/22 ☁️COM Hijacking Creative Cloud

⚡My Work

TryHackMe | Weasel

I think the data science team has been a bit fast and loose with their project resources.

tryhackme.com

The Taggart Institute: Master Your Craft

Great hackers are good people. Many courses on red teaming will teach you the technical process of how to exploit targets. But seldom do courses cover what it means to carry out the role of a red teamer responsibly.

taggartinstitute.org

TryHackMe | Takedown

We have reason to believe a corporate webserver has been compromised by RISOTTO GROUP. Cyber interdiction is authorized for this operation. Find their teamserver and take it down.

tryhackme.com

Practical Malware Analysis & Triage

Arm yourself with knowledge and bring the fight to the bad guys! Practical Malware Analysis & Triage (PMAT) brings the state of the art of malware analysis to you in engaging instructional videos and custom made, practical labs. Welcome to Practical Malware Analysis & Triage.

academy.tcm-sec.com

GitHub - HuskyHacks/PMAT-labs: Labs for Practical Malware Analysis & Triage

Welcome to the labs for Practical Malware Analysis & Triage. Read this carefully before proceeding. This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate common malware characteristics or are live, real world, "caught in the wild" samples.

github.com

📝Recent Blog Posts

ChatGPT & Malware Analysis

I, for one, welcome our new AI overlords.

notes.huskyhacks.dev

TryHackMe: Takedown Walkthrough

This is the official walkthrough for this room. I did not cover every single detail available but do cover enough to get from start to finish. Obviously, major spoilers are ahead from here on out.

notes.huskyhacks.dev

Malware Analysis Labs: Internal Network vs Host-Only

"If Host-Only mode allows a VM to route to the physical host in some circumstances, can it really be considered safe for malware analysis?" I applaud my students for approaching me about this because it means they are thinking critically about safety during malware analysis.

notes.huskyhacks.dev

How To HACK Your EX'S SOCIAL MEDIA ACCOUNTS (REAL GUIDE)

What better way to get revenge than to your ? That's where I, 0xTastyyboi, come in. I'm going to show you all that you need to know to EX'S SOCIAL MEDIA ACCOUNTS your . EX'S SOCIAL MEDIA ACCOUNTS ... Kali doesn't have notepad.exe ? What the hell is...

notes.huskyhacks.dev

Red Team Infrastructure Done Right

You may be familiar with Tim MalcomVetter's blog post on Safe Red Team Infrastructure , where he lays out the high level overview of how to make a safe red team operational network. That post changed my life, but it did lack the technical details on how to do this process in a practical sense.

notes.huskyhacks.dev

We Put A C2 In Your Notetaking App: OffensiveNotion

Notion is a popular notetaking application. It has lots of great features that make notetaking a snap. Some of the features we love the most include the capability to share notebooks across teams, push notes to cloud storage, build custom templates, and, in general, deck out your pages so they feel like they have lots of personality!

medium.com

DLL Hijacking & DLL Proxying An SNES Emulator

Time: 30 mins Difficulty: Beginner Skills: Custom Exploit Development, DLL Hijacking 30 minute exploit dev post. Let's get it. I fell down another security research rabbit hole and when I snapped out of it, I found myself.... ...playing Chrono Trigger? Wait, what? That program in the picture is an SNES Emulator and, if you're like...

huskyhacks.dev

🎙️Presentations & Interviews

Xn0mas Interview: Advice to my younger self, what new red teamers should know, the life of an adversary emulation red teamer - 11/7/22

HuskyHacks: Interview

"Matt! You're with the red team. Move it!" Yelled the drill instructor. Matt took the red helmet of the table, and ran to join his crew. They were sent to the forest, with only one job. Find a way to attack the fortified position. Nothing is out of the picture.

medium.com

Hack Smarter - Mental Health, Malware Analysis, and More! 9/14/22

Gerald Auger, PhD - Simply Cyber Interview 9/1/22

DEF CON 615 - The Crown: Exploratory Analysis of Nim Malware, Jan 25th 2022

HackerOne Veterans in Security Event Workshop | The O-Course: An OWASP Top 10 Obstacle Course for Beginners

📺 YouTube Videos

I don’t really make YouTube videos that often but here are a few that I’ve made or been featured in over the years. I did one with John Hammond, which was pretty pog. I also do the TryHackMe Advent of Cyber walkthrough videos and wrote a whole song for one: