$ cat .whoami
Thank you for stopping by! My name is Dan but most people online know me as ha3ks.
I am a hacker, content creator, educator, and a public speaker. I’ve been ‘hacking’ since he was a teenager but has been professionally working as an ethical hacker and bug bounty hunter since 2020. During this time I have completed many courses and picked up several ‘industry standard’ and recognised certifications such as the eJPT (eLearnSecurity Junior Penetration Tester) to name the more well known.
I have a history of working to disprove Snake Oil salesmen in the infosec space and have had several well received articles dissecting these peddlers on LinkedIn as well as ‘live tweeting’ my activity on ‘X’(formally Twitter). A popular post-storm I penned was dissecting the Windows 10 tweak ‘AtlasOS’ which had just the day prior been featured on Linus Tech Tips as a way to get older machines running more modern games. The issue that I had with this is all AtlasOS did was disable Windows Security and Defender, UAC and other parts actually designed to keep users safe.
Towards the end of the thread I evidenced why this would be an issue with a simple reverse shell generated in MSFVenom and picked up by Meterpreter. UAC would have stopped this and Windows Defender would have stopped you downloading “Dan’s Dodgy Skinpack for CS:GO” - Link to the Thread . It’s not all negatives however, I also put up an complete Thread on building an Active Directory Lab with over 22 users, 1 Server/DC and 2 Client Machines in the hopes that this would help others out there wanting to learn and try new things - Link to the Thread .
Presently I am studying for the RTO (Red Team Operator) certification from ZeroPointSecurity. and awaits a retake at the OSCP (Offensive Security Certified Professional) exam.
$ cat .certs
$ cat .projects
I code in my spare time, I did go to University to study ‘Information Technology - Software’ however the cheaper option in this case (and at that time in history) would have been a self taught approach.
|Project||About||High Level Review|
|“Todo-App”||Online ‘local’ ToDo list||Codeacademy Project|
|“Snek”||Snake for phones, but in HTML||Codeacademy Project|
|“AD_Permissions_ReportGEN”||Dumps AD User Permissions to .csv||Project built to disprove LinkedIn Snake Oil peddler claiming that the ‘Cyber Gold Finger Weapon’ app he had built to do this was worth over £1B. Spoiler - It wasn’t|
|“Send-a-Movie”||“You like Jazz?” - Have you ever wanted to share the joy of a movie with your friends? Now you can, line by line send the script of ‘The Bee Movie’ to your iMessage friends.||Constructed after seeing ‘viral’ videos on how to send massive texts to people via iMessage, appears to only work on OSX with iMessage enabled as the message system ties into it. Wished I had more time to develop and work with other OS/Apps like Whatsapp but when you don’t have a Mac and rely on (at the time) Virtual Machines cobbled together with coat hangers and gaffer tape things get tricky.|
|“Rejectorbot9000”||A quick Python app to simulate applying for a job on LinkedIn.||Python project to ‘fake’ the application and instant rejection phase. Spoiler - Some of the companies mentioned ‘may’ use LinkedIn template when emailing rejections.|
|“Musk-to-Belson”||An Chrome Extension which replaces every instance of ‘Elon Musk’ with ‘Gavin Belson’ because at this point, what’s the difference.||Exercise to teach myself how to develop a browser extension, handy as I wanted to learn how to make a malicious one to call back to a C2 or better still, inject into existing extensions.|
|“PowerBoarding”||An Powershell Script to install multiple .exe and .msi applications in windows.||When you rebuild your computer or laptop as many times as I do you need a reliable way to speed things up, teaching myself to script was a way of doing this. I had released an early version of this with hardly any function but I wanted to finally bring this one full circle and finish it.|
OCCUPATION=jobhuntung SKILLS=pentester,redteamer,ctfs PASSION=/security/offensive LOCATION=/Europe/UK LANG=en_GB.UTF-8
$ cat .disclaimer
Disclaimer: All information contained in this blog is provided for educational and research purposes only. The author is not responsible for any illegal use of any information published on the pages of this blog.
About this blog
Blogs about code reviews, infosec and possibly malware analysis!