blog.ropnop.com
76.76.21.142

Submitted URL: http://blog.ropnop.com/
Effective URL: https://blog.ropnop.com/
Submission: On November 12 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

ROPNOP BLOG

--------------------------------------------------------------------------------

A place to dump things I find interesting and think others might want to know


HOW TO STORE SESSION TOKENS IN A BROWSER (AND THE IMPACTS OF EACH)

 Posted on October 3, 2020  |  ropnop

A common question when building a SPA is: where do I store my session tokens?
I'll talk through the main options and the pros/cons of each [Read More]
javascript  browser  cookies  tokens 


LEARNING GO CONCURRENCY FROM FACTORIO

 Posted on June 28, 2020  |  ropnop

Go's concurrency model confused me at first, but it finally clicked when I
thought of it like building an assembly line in Factorio [Read More]
go 


HOSTING THE CLR AND EXECUTING .NET ASSEMBLIES FROM GO

 Posted on March 15, 2020  |  ropnop

Write up of my journey figuring out how to host the CLR and execute .NET
assemblies from memory in pure Go. [Read More]
golang  windows  .net  clr 


PROXYING AND INTERCEPTING CLI TOOLS

 Posted on February 9, 2020  |  ropnop

Sometimes you need to intercept traffic from CLI tools. In this post I cover
using Burp to intercept traffic from Java, Python, Node and Go CLIs [Read More]
burp  proxy  python  java  node  go 


DOCKER FOR PENTESTERS

 Posted on July 18, 2019  |  ropnop

Docker has become such an integral part of my workflow recently. These examples
should demonstrate how Docker can help you be a more efficient pentester [Read
More]
docker  pentest  impacket  linux  smb  windows 


ATTACKING DEFAULT INSTALLS OF HELM ON KUBERNETES

 Posted on January 28, 2019  |  ropnop

Default installations of Helm on Kubernetes can make it trivial for attackers to
escalate to cluster admin. In this post I'll demonstrate how. [Read More]
pentest  kubernetes  helm  tiller  gke 


SERVERLESS TOOLKIT FOR PENTESTERS

 Posted on November 11, 2018  |  ropnop

Serverless functions have so much potential - here's a few useful examples I use
when pentesting or doing bug bounties. Who needs testing infrastructure? [Read
More]
docker  pentest  serverless 


EXTRACTING SSH PRIVATE KEYS FROM WINDOWS 10 SSH-AGENT

 Posted on May 20, 2018  |  ropnop

The newest Windows 10 update includes OpenSSH utilities, including ssh-agent.
Here's how to extract unencrypted saved private keys from the registry [Read
More]
windows  ssh  powershell  openssh  rsa  pentest 


CONFIGURING BURP SUITE WITH ANDROID NOUGAT

 Posted on January 18, 2018  |  ropnop

Android Nougat changed the default behavior for apps, so installing the Burp CA
to user certs no longer works. Here's two ways to bypass it [Read More]
android  burp  nougat 


SANS HOLIDAY HACK 2017 WRITEUP

 Posted on January 18, 2018  |  ropnop

The SANS team hit another homerun with the HHC including awesome challenges that
mimicked real-world pentest activities. Here's my solutions! [Read More]
sans  writeup  pentest  holidayhack 
SANS Holiday Hack Write-ups 
ropnop  • © 2020  •  ropnop blog

Hugo v0.63.2 powered  • Modified theme based on Beautiful Hugo