Called Me Maybe - EDR Evasion

Endpoint Detection and Response (EDR) solutions have started to collect and analyze the chain of functions leading up to the execution of certain Windows API functions, also known as the call stack. This post will look into the data available to EDRs, and examine one technique used by malware to avoid it.

GPT Search Engine Optimization (SEO)

A couple months ago, I was chatting with some folks over on the VetSec Slack. One person was using ChatGPT with Web Browsing as a search engine, which made me wonder how easy it would be to optimize web content to be the top result when searched. I tested this for a very specific search - “Who is micrictor” - and found that I could ‘inject’ my desired result more easily against the ChatGPT w/ Web Browsing model than Bard. I’m not sure that this is due to any difference in the models themselves, with the difference potentially explained by differences in the backing web search engines used by each model.

Adventures in DeepRacer

Recently, I decided I want to race cars. Luckily for me, AWS DeepRacer will let me race cars with none of the usual risk to my wallet or personal health by using reinforcement learning to train my “driver” - a machine learning model.

KringleCon 2020

2020 has been a wild year for me, as it has for everyone. I was overseas for the Marines when all of the Coronavirus stuff first started happening in the United States, came back, and had 3 months to do everything I needed to do to leave the military. After starting my new job at AWS, I decided I’d also pursue a Master’s degree at University of San Diego, because I apparently hate my own free time.

Identifying malicious TLS sessions

Inspired by an email from a former instructor, I created a Zeek package, spl-spt, with the goal of providing new data that can be used to identify malicious TLS sessions. In this post, I will be discussing what the new data is, why I chose the data features I did, visualizing the data, and building a classification model using the data.

Enjoy the read!

PentestAcademy ctf.live

Thanks to my early return from an overseas exercise, I’m stuck at home for two weeks. As such, I figured I might as well take a swing at the free CTF put on by PentesterAcademy, ctf.live.

flAWS Writeup

In order to learn more about cloud security, I found the flAWS challenge, created by Scott Piper. By completing the different levels, I hope to learn the basics of cloud security, including common attack patterns.

SANS Holiday Hack - 2019

Happy holidays everyone! Today’s post is my write-up for this year’s Holiday Hack. From what I can glean from the tweets of the CounterHack crew, this year’s challenge includes a variety of topics, from DFIR to machine learning. As always, it’s sure to be exciting!

Video Games Taught me Cybersecurity

One of my coworkers asked me a few months ago how I learned all that I know about assembly, binary executables, and reverse engineering. He was, as I suspect most people might be, surprised when I told him that most of these skills I had learned as a teenager hacking video games.