kmsec: (mainly) a security blog

Blog

The braindump
5 Mar 2023

Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign

This post explores an often overlooked type of subdomain takeover attack I am dubbing "passive takeover."

6 Jan 2023

Fingerprinting C2s with Shodan

A quick C2 fingerprinting exercise with Shodan

6 Jan 2023

Tracking Crimson Kingsnake

Using VirusTotal to track Crimson Kingsnake

1 Jan 2023

An introduction

Launching this blog

6 Aug 2021

Caddy: enabling valid internal SSL certificates with ACME DNS challenge

This is an older how-to I wrote on how I provisioned valid SSL certificates on my internal homelab using ACME DNS challenge