YaCy Personal Search Engine

8 Feb, 2023 - 9 minutes
The Browser Bookmark Problem: I’ve been looking for a better way to bookmark useful content I find on the web. I’ve got a number of bookmarks stored in Firefox, but I find that I rarely look through them. Occasionally when I do, I’m surprised to find something interesting that I had completely forgotten about. Even when I know I have something bookmarked somewhere, I tend to just run a web search for the topic I wanted to read about and search through the results until I see one that looks familiar.

Using OpenAI Chat to Generate Phishing Campaigns

8 Dec, 2022 - 11 minutes
Background: OpenAI Chat has exploded in popularity over the last couple of weeks. People are using it to do all sorts of interesting things. If you are unfamiliar with OpenAI Chat and GPT-3, you can find a primer here. The gist is that it’s an artificial intelligence model that you can chat with as if it were a person. It can do all kinds of things like answer questions, write code, find bugs in code, and more.

Bypassing SMEP

15 Nov, 2022 - 17 minutes
Background: I’m currently taking Offensive Security’s PEN-401 course and studying for their OSEE exam. One concept I’ve been learning about is Supervisor Mode Execution Prevention (SMEP). I found it to be one of the more confusing topics to learn, so I thought I’d try to explain how it works to help fill my own knowledge gaps and better solidify my own understanding. Supervisor Mode Execution Prevention (SMEP): Supervisor mode execution prevention is an exploit mitigation feature built into some CPUs.

Advanced Windows Exploitation (OSEE) Course Review

1 Sep, 2022 - 16 minutes
Summary of tips for the training course: Study before you arrive. Use the syllabus as a guide to fill knowledge gaps. Study the material they send before the course begins. When you are given time in class to do an exercise, find the exercise in the guidebook and follow along there. Study the guidebook in the evening to fill in any knowledge gaps. Ask questions during class if you need to.

Burp Suite Collaborator Recovery

23 Jul, 2022 - 10 minutes
Background: I recently worked on a phishing engagement involving a malicious email attachment. The final payload was an executable file that exfiltrated some data back to a server under my control. I’d normally use my attack server for this, but my attack server was already in use, so I opted to use Burp Suite’s Collaborator to catch my exfiltration payloads. My employer has their own Collaborator instance, so we don’t have to rely on PortSwigger’s and we can keep our clients’ data that much more secure.