Posts

Speeding up my lab work with ludus

Thoughts on the ludus cyber-range/lab system, and tricks

November 2, 2025 · inf0junki3

Baselining with NetBox, part 2: Creating an inventory

Using netbox and ansible to automate the catalogging of your IP addresses and services.

October 26, 2025 · inf0junki3

Baselining with NetBox, part 1: Installing netbox with ansible

Using netbox and ansible to automate the catalogging of your IP addresses and services. First part describes automating the installation.

October 26, 2025 · inf0junki3

Automating the boring (pentest) stuff with Terraform and Ansible. Part 2: Scanning

A simple way to automate the repetitive parts of your pentest using typical DevOps tools.

January 28, 2023 · inf0junki3

Automating the boring (pentest) stuff with Terraform and Ansible. Part 1: Recon

A simple way to automate the repetitive parts of your pentest using typical DevOps tools.

January 18, 2023 · inf0junki3

Timesheet simplification with osquery, Splunk and Python!

This post walks through basic osquery and Splunk installation – but with a twist. I use these security tools to monitor for connections so as to keep track of my work hours.

May 17, 2020 · inf0junki3

Attack Jupyter!

A few tips on using jupyter for reverse engineering and pwn challenges.

August 18, 2019 · inf0junki3

Automating pentests with WebDriver

Using WebDriver to automate pentest activities - two use cases and some code.

August 18, 2019 · inf0junki3

Logging Nessus vulnerabilities to graylog

I’ve been beefing up the security of my home network recently. If you were to ask me why, I could rattle out a few good excuses, such as “it’s good to maintain good computer hygiene, especially at home” or “as a fan of CTF’s, I’m concerned that I’ll accidentally pick up something nasty which will own my network”. Oooo, hey, here’s a good one: “to be a good red teamer, you have to know how blue teams operate”. Those excuses are all well and good; to be honest, though, the real reason I’m messing around with defensive security nowadays is that it’s just fun as hell. ...

July 8, 2017 · inf0junki3

Certificate Transparency as a recon technique

I’ve been using certificate transparency with increasing frequency during my network pentests. What a great source of information! I’ve found it so useful that I wrote a short standalone script to search for domains in a transparency log and resolve them to IP addresses. What’s certificate transparency? There’s an actual site dedicated to describing Certificate Transparency (https://www.certificate-transparency.org/), which I recommend you check out. In a nutshell, CT is a mechanism that provides real-time monitoring and auditing of certificate information. If you’ve ever clicked on that little padlock next to the URL of a site you’ve visited in your browser, chances are that you’ve used CT. ...

November 4, 2016 · inf0junki3