Steven’s Tech Blog

A variety of content documenting my adventures as a security engineer and software developer

Posts


  • An In-Depth Look at TLS

    An In-Depth Look at TLS

    The ‘S’ in HTTPS, the lock icon in the top left of your browser, the lack of a suspicious “this site is insecure” warning – most everyone who uses the internet is familiar with these, yet fewer know what exactly they mean, and even fewer still understand how it works behind the scenes. Transport Layer…

    Read more…


  • Exploiting SMTP

    Exploiting SMTP

    (Continuation of Part 2) For the next network security challenge, I will be testing my skills against a vulnerable SMTP server. SMTP (Simple Mail Transfer Protocol) is one of a few application-layer protocols powering e-mail services, along with POP (Post Office Protocol) and IMAP (Internet Message Access Protocol), with SMTP being primarily responsible for sending…

    Read more…


  • Exploiting NFS

    Exploiting NFS

    (Continuation of Part 1) In this challenge, I will be exploiting an intentionally misconfigured NFS server to obtain root privileges. Network File System (NFS) is used to share files over a network, allowing users to access remote files as if they were local. Starting out with a basic nmap port scan, I discovered that an…

    Read more…



“The best way to ensure success is to triple your rate of failure.”

“The day we stop learning is the day we start dying.”

“What a beautiful day it is. If only I’d realized that sooner.”