Paul Hempshall

Website Cyber Security Professional

My blog

Replacement HCB107C-1 PSU Adapter Cable

Due to a lack of spare parts, I fabricated a missing power adapter cable for the Loctek HCB107A-1 height adjustable desk controller.

August 28, 2023

Guide Write-Up

How to play a sound on schedule with Windows

The scheduled task will flow like this. The action will trigger at specific times and run a VBScript invoking a background shell to launch our PowerShell script. This PowerShell script plays our audio file. The example here will use the stock market bells on the opening and closing times of the market.

September 14, 2022

Guide

Predictable from Observable State

In this post, I will describe a couple of real-life examples of where the predictability of visible information can lead to problems such as information disclosure and unintended authentication bypass.

September 6, 2022

Analysis Application Security

Free digital forensics CTF challenges

These are some of my digital forensics/steganography capture-the-flag challenges available for download. The ideas are a combination of adaptations of known methods and inspiration from film and TV.

September 5, 2021

Capture The Flag Write-Up

DDoS mitigation without cloud protection

The visual pattern of the log indicates to me that this is not genuine traffic. There are too many uniform lines scrolling past. Genuine traffic usually has a different visual shape due to users making additional requests for site resources (CSS, JavaScript and images).

August 8, 2021

Write-Up Application Security

Cloudflare Firewall – Restricting Rogue Networks

Here is a list of rogue network autonomous system numbers and a Cloudflare firewall configuration to help get you started with protecting your website.

August 5, 2021

Guide Application Security

bXSS and Docker

A brief how-to guide outlining the installation of bXSS (https://github.com/LewisArdern/bXSS) inside a Docker container....

August 4, 2021

Guide Application Security

Researching telephone scammers and their website

Scam baiting for experience building. A walk-through of a basic OSINT research process for finding Cloudflare-protected hosting, domain, and scammer information.

Whilst on the phone I decided to practise some people skills. I learned about a service called Grabify from watching Jim Browning videos on YouTube. Grabify is a URL shortener that logs IP addresses.

June 16, 2021

Write-Up OSINT

Setup a VPN using Amazon AWS FREE t2.micro instance

This guide is intended to walk you through setting up and configuring a working VPN using Amazon’s AWS free tiers, the EC2 t2.micro instance. The guide is written for beginners who are using the Windows operating system.

December 14, 2016

Guide

The dangers of an Open Redirect – Kraken Phishing Analysis

Kraken issued a warning on its blog regarding various phishing attacks that have caused some accounts to lose their Bitcoin. I decided to do some research into how this could have happened.

August 19, 2016

Analysis Application Security

Getting started with GNUPG PGP

A basic getting started guide for using GnuPG and the Windows command prompt CLI. Contains important information regarding insecure cipher and digest preferences.

November 11, 2015

Guide