About Punkcoder

I am a Software Developer with a passion for Security, ALM, Agile, and Coding Practices. I have been working in .NET as a developer for over a decade, a network admin for years before that. I have worked for large companies and small ones, many that you would recognize some that you probably interact with. I am opinionated and deeply curious about the world. If you have a problem there is a good chance that I would be interested in hearing about it. More than that I want to help others, mostly because I believe that helping a single person raises the quality for everyone.

Chall Profiles

Blog Posts

Best Of Defcon 24 Villages

Published On: Dec 3, 2016

So I am currently going through and reviewing all of the videos that have dropped from this years defcon, and since I am going through and watching them I thought that I would make an effort to currate the list. So with that I should say that there is nothing against your talk if you don’t appear on the list. It just means that you didn’t speak to me. The best part of DEFCON is that there is a free exchange of Ideas. With that said here is my list:

Biohacking Village

Carhacking Village

Crypto and Privacy Village

Hardware hacking Village

Packet Hacking Village

Follow Up From Prairie Code

Published On: Nov 4, 2016

So I’ve been back from Prairie.Code() for about a week now and I got the results from my talks. I am currently in the process of collecting my thoughts and trying to turn them into usable items for reflection.

Feedback on both of the talks was sparse but good, and I am very thankful for everyone that came out and learned something. I am hoping to give the same talk again via video confrence for any that are interested in hearing, and sharing. If you want to be kept up to date on that just leave a comment on the page and I will make sure that you get added to the list.

I am going to be looking into other confrences after the begining of the year, if you are hosting one or know of one that you would like me to speak for please don’t hesitate to leave a message below.

1o57 List of Things to Learn

Published On: Oct 12, 2016

I was going through some of videos from past defcons and I came across a listing of the things that every hacker should know as part of their education. The reality is that we all come from different backgrounds.

What is included below is a personal list and my progress through the list (I wanted some place that I would be albe to keep a list of things to work towards), your milage may very, void where prohibited:

Things to Know (at a basic level):

  • Binary Math - Need More for Higher Math
  • Hex - 5 / 5
  • Tor - 4 / 5
  • Shodan
  • IDA Pro (and Vivisect)
  • TCP/IP Fundamentals - 3 / 5, it’s been a long time since TSM
  • ASM
  • C/C++
  • Basic Crypto - 2 / 5
  • Wire Shark - 2 / 5
  • How Lame Nessus Is - 5 / 5
  • Metasploit - 1 / 5
  • Virtualization - 5 / 5
  • Backtrack - 2 / 5
  • Command Line - 5 / 5
  • SSH - 3 / 5
  • Putty (windows) - 3 / 5
  • FileZilla - 4 / 5
  • OpenSource Tools
  • How DNS Works (… and why it’s broken) - 5 / 5
  • Digikey, Mouser, Janesco, McMaster (LadyAda)

Still after all these years...

Published On: Sep 23, 2016

Ok… So I’m hoping that this is the last time that I go through the process, but I have converted over my site so that I am generating the whole thing statically. If you havent heard of Hugo it’s a pretty cool tool for generating completely static websites.

I wanted something that would be easier for me to maintain over the long haul and it was looking like trying to keep a cms updated enough to keep out people who want to look at the inside was becoming more and more difficult.

I have managed to get all of the blog entires moved over from the last 3 migrations that I have done, but it looks like all of the content didn’t come along. So if you are looking over the site and you see that there is something missing please reach out to me and I will do my best to either get you the original document or update infromation so that you get something more current.

How to make enemies with people who use TDD...

Published On: Jul 28, 2016

So I have been working on a project that requires the use of the NEST framework for working with ElasticSearch, and I have to tell you I am absolutely maddened by the lengths that I have to go through to get good tests.

The problem is that someone in their INFINITE Wisdom decided that all of the setters on response objects should be private or internal. For example:

public interface IGetMappingResponse : IResponse, IBodyWithApiCallDetails
   Dictionary<stringIList<TypeMapping>> Mappings { get; }
   Dictionary<IndexName, IDictionary<TypeName, TypeMapping>> IndexTypeMappings { get; }
   TypeMapping Mapping { get; }
   void Accept(IMappingVisitor visitor);

Which means that in order for for me to perform a simple mock, I have to create a WHOLE NEW CLASS, further bloating my code and making the process of creating my unit tests even more complicated. In order to use the following code:

var clientResponse = new MockedGetMappingResponse();
var calledGetMapping = false;
client.GetMapping(Arg.Any<IGetMappingRequest>()).Returns(clientResponse).AndDoes(x=> { calledGetMapping = true; });

 I have to create a whole, new object that's now bloating my unit test project just so I can get the damned unit test to work:

public class MockedGetMappingResponse : IGetMappingResponse
       public IApiCallDetails CallDetails { getset; }
       public bool IsValid { getset; }
       public IApiCallDetails ApiCall { getset; }
       public ServerError ServerError { getset; }
       public Exception OriginalException { getset; }
       public string DebugInformation { getset; }
       public void Accept(IMappingVisitor visitor)
           throw new NotImplementedException();
       public Dictionary<stringIList<TypeMapping>> Mappings { getset; }
       public Dictionary<IndexNameIDictionary<TypeNameTypeMapping>> IndexTypeMappings { getset; }
       public TypeMapping Mapping { getset; }

So the next time that you get the bright idea that all return objects shouldn't be able to be set... don't do it. If it says that it's a response object and someone is dumb enough to set the value then they are the idiot, we will give you a pass on it. But remember there are LEGITIMATE reasons that we would want to use those set values, and by removing them your aren't making your code any better... your just being an asshole.