Eric's Blog

New Blog 2026

Eric Turner — Sun, 17 May 2026 20:36:00 -0400

This marks the debut of my redesigned blog. My prior blog was ran on Wordpress with multiple plugins for enhancing security: filtering spam, blocking malicious admin logins, filtering malicious comments, backup jobs, auto-update jobs, analytics, asynchronous password protection. Unfortunately with AI, search crawlers and legitimate users, it kept hitting the …

Continuous Threat Exposure Management

Eric Turner — Sun, 22 Jun 2025 21:01:00 -0400

I recently earned a certificate in exposure management and here’s some of the key takeaways. Cyber teams now have a broad attack surface with assets ranging from on-prem to IoT and cloud solutions. Traditional vulnerability management simply can’t keep up. That’s where exposure management steps in: it …

Web Dev - RSS Reader App - 02

Eric Turner — Sat, 29 Mar 2025 21:45:22 -0400

GitHub: EricTurner3/simple-react-rss-reader

Drag and drop UI

I recently stumbled upon Cursor - The AI Code Editor. It essentially is VS Code powered by Claude for GPT enhancements. The unique thing about this AI is taht it has your entire multi-file codebase as context and can easily search and modify the …

Web Dev - RSS Reader App - 01

Eric Turner — Thu, 20 Mar 2025 20:43:32 -0400

GitHub: EricTurner3/simple-react-rss-reader

I have a few goals with this project that I've already spent several hours on over the past few nights.

1. Testing out AI based tools for code generation and guidance

Gemini released the new Canvas tool a few days ago which immediately blew my mind. You …

Malware Dev – Chapter 07 – Anti-Disassembly Strategies

Eric Turner — Sat, 15 Mar 2025 19:12:23 -0400

Continued series from the Malware Development for Ethical Hackers Book.
GitHub repo: EricTurner3 – Malware_Development.

Opcode / Assembly Obfuscation

The main point of opcode obfuscation is to make it harder for the analyst to decompile the code. Other sources seem to refer to this as directly making changes to the assembly or …

Malware Dev – Chapter 06 – Anti-VM Strategies

Eric Turner — Sat, 15 Feb 2025 19:51:53 -0500

Continued series from the Malware Development for Ethical Hackers Book.
GitHub repo: EricTurner3 – Malware_Development.

Filesystem Detection Techniques

VirtualBox Machine Detection

The book showcases 8 different files to test for a VirtualBox, however, the sample code only checks for 2/8 files. I created a modified source code that uses an …

Malware Dev - Chapter 05 - Anti-Debugging Tricks

Eric Turner — Wed, 29 Jan 2025 02:57:57 -0500

Continued series from the Malware Development for Ethical Hackers Book.
GitHub repo: EricTurner3 – Malware_Development.

Detecting Debugger

IsDebuggerPresent()

/*
    Anti-Debugging - Check for Debugger
    28 Jan 2025
    Eric

    To build: x86_64-w64-mingw32-gcc 05_debugger_present.c -o DebugCheck.exe -s -ffunction-sections -fdata-sections -Wno-write-strings -fno-exceptions -fmerge-all-constants -static-libstdc++ -static-libgcc
*/
#include <stdio.h>
#include <stdlib.h>
#include <windows.h …

Malware Dev - Chapter 04 - Privilege Escalation

Eric Turner — Sat, 25 Jan 2025 19:25:23 -0500

Continued series from the Malware Development for Ethical Hackers Book.
GitHub repo: EricTurner3 – Malware_Development.

This chapter contains methods to achieve persistence of malware in Windows.

Manipulating Access Tokens

Token Theft

The book provides a great demonstration of C code where the end user can pass a PID and it attempts …

Malware Dev - Chapter 03 - Persistence

Eric Turner — Tue, 21 Jan 2025 00:34:05 -0500

Continued series from the Malware Development for Ethical Hackers Book.
GitHub repo: EricTurner3 - Malware_Development.

This chapter contains methods to achieve persistence of malware in Windows.

Registry Keys

Run Registry Key

The book utilizes a dummy code to pop up a message window using the registry persistence. I re-used my reverse …

Malware Dev - Chapter 02 - Injection

Eric Turner — Sun, 19 Jan 2025 18:53:32 -0500

Continued series from the Malware Development for Ethical Hackers Book.

The first part of this chapter deals with process and DLL injection. I will break the APC injection and API hooking

Process Injection

I followed the book in generating a reverse shell payload using msfvenom:

msfvenom -p windows/x64/shell_reverse_tcp …

Malware Dev - Chapter 01

Eric Turner — Sat, 18 Jan 2025 20:57:43 -0500

I recently picked several new books from Packt, including Malware Development for Ethical Hackers. This book aims to demonstrate some of the techniques seen in malware, and showcase writing similar samples using C/C++ for both Windows and Linux operating systems.

My codebase as I work through this book can …

Malware Analysis - Mirai Wicked Sample - 9Jan2025

Eric Turner — Sat, 11 Jan 2025 21:03:17 -0500

Analysis of a sample from Malware bazaar: MalwareBazaar | SHA256 a01d53662d83c31a5b4478bc57fc4fee1ba9d4f6178a94a107c472133adea368 (Mirai)

Stage 1

The initial download is a linux script in cleartext with comments in Chinese. I have added english translations in brackets for each comment. This script connects to a server in order to download 13 binaries, one for …

🔒 HackTheBox - Sherlock - Lovely Malware

Eric Turner — Wed, 08 Jan 2025 03:19:22 -0500

This investigation is currently active on HackTheBox, thus is required to be password protected. You will need to wait until the investigation is retired for the full solution, or if you have already solved this challenge, use the answer to task 14 to unlock.

HackTheBox Sherlock: Subatomic

Eric Turner — Tue, 31 Dec 2024 20:14:00 -0500

Challenge: https://app.hackthebox.com/sherlocks/Subatomic

Introduction

Forela is in need of your assistance. They were informed by an employee that their Discord account had been used to send a message with a link to a file they suspect is malware. The message read: "Hi! I've been working on …

Malware Digitally Signed by Microsoft

Eric Turner — Mon, 30 Dec 2024 14:21:47 -0500

While working on a sherlock from HackTheBox, I researched a tactic of threat actors abusing the Microsoft driver signing process to allow their malware to be digitally signed by Microsoft.

General Information

An example of this from the Google Cloud / Mandiant blog post:
VirusTotal - File - 4257ece19a9e4abc1eb251463bce623d2ac45afd0ed7939ba5e76ee9dbde2fa5

Detection page for the …

🔒 HackTheBox Sherlock - Heartbreaker-Continuum

Eric Turner — Sat, 28 Dec 2024 23:41:34 -0500

This challenge is currently active on HackTheBox, thus is required to be password protected. You will need to wait until the challenge is retired for the full solution. In special circumstances, you may email me for the password.

TryHackMe: Advent of Cyber 2024

Eric Turner — Wed, 25 Dec 2024 00:20:44 -0500

I've spent the past few weeks tackling TryHackMe's Advent of Cyber 2024.

Some of my favorite challenges were:

Day 1 OPSEC, searching online to try and find similar strings via GitHub to link back to the attacker
Day 7 AWS Log Analysis, I'm not super versed in cloud security, this …

S550 Mustang IPC Reverse Engineering

Eric Turner — Sun, 04 Feb 2024 14:50:50 -0500

Note: This post was published 4 Feb 2024, but was based off of research and work completed back in May 2023.

Introduction & Video Walkthrough

https://www.youtube.com/watch?v=OzUs28GIq0A

Back in 2020, I removed the analog instrument cluster from my 2015 Mustang GT Premium to upgrade it to …

Top 200 Verbs in Italian

Eric Turner — Thu, 20 Apr 2023 21:24:53 -0400

Ecco l'elenco dei 200 verbi più importanti in italiano.

italiano

English

abitare

to live in

abituarsi

to get used to

accadere

to happen

accendere

to turn on / switch on

acquista

to buy

affittare

to rent out

aiutare

to help

amare

to love

andare

to go

apparire

to appear

appartenere a …

QAKBot Campaign 6Apr2023

Eric Turner — Tue, 18 Apr 2023 12:04:00 -0400

Correspondence

Sender

Subject

Attachment Name

Attachment Hash (with VirusTotal link)

clemke[@]e-chuppah[.]com

RE: New Borrowers

AK.pdf

9521bc74735d1300e182eaa98299023ba08acc9af17b85cc50b3938c99bd0b32

aschaden[@]shopbarbay[.]com

FW: Check Image Request

NI.pdf

93482d229926521cfc0000bda2e931181e0f06f4a9f808f0068634678ae9a0fc

wtremblay[@]aaofoo[.]com

RE: Cashing Third Party Checks

CT.pdf

77a2b75334a8e3a4e2960e0c1600a1ea14933bba1f4a7297ad177e140f3302f2

se[.]jursnaeb[@]adyasiddhi[.]com

RE: Hello--

TX.pdf

3a0141a9b22639c969244967676c999757406383cf8eb0eb75a9e89176661045

This …

Trojan.Kryptic - 22 Mar 2023

Eric Turner — Wed, 22 Mar 2023 15:37:00 -0400

Initial Email

An email was discovered from comel[@]industry-mass[.]com. This site was created within the last 15 days.
The email was titled Tax return 2022 and contained a .docx file.

Opening this file initially looks like an actual tax return. I have redacted the private information from the screenshot …

Bigliettino di Siri (Siri Cheat Sheet)

Eric Turner — Thu, 16 Mar 2023 21:23:20 -0400

I've found that Siri can be great for practicing speaking and listening in a new language, plus it helps you learn critical phrases that are used on a day to day basis. Here's a cheat sheet of things to ask Siri. Most of this was sourced from the Apple Support …

Odd phishing link

Eric Turner — Fri, 22 Apr 2022 00:54:07 -0400

Friend sent me a strange message she got with the following link:

Thanks government, for giving me my money back on some strange link

Attempt 1: www

I booted into my REMnux VM and turned on Burp suite to intercept the traffic. If you leave off the trailing slash (like …

🔒 BTLO - Investigation: Xhell

Eric Turner — Wed, 20 Apr 2022 12:22:46 -0400

This investigation is currently active on Blue Team Labs Online, thus is required to be password protected. You will need to wait until the investigation is retired for the full solution. In special circumstances, you may email me for the password.

🔒 BTLO - Investigation: Link

Eric Turner — Fri, 15 Apr 2022 12:47:14 -0400

🔒 BTLO - Investigation: Exxtensity

Eric Turner — Mon, 11 Apr 2022 17:54:24 -0400

🔒 BTLO - Investigation: Exposed

Eric Turner — Thu, 07 Apr 2022 14:08:17 -0400

Finding x-callback-url / Deep Link of iOS Apps

Eric Turner — Fri, 01 Apr 2022 14:56:06 -0400

I find often I like doing automations between apps. While you can use the Open App functionality with Shortcuts, trying to open an app from something like a Reminder requires a URL. This guide shows you how to get the iOS App from the App Store for investigation and then …

🔒 BTLO - Challenge: ThePackage

Eric Turner — Thu, 31 Mar 2022 15:21:21 -0400

🔒 BTLO - Challenge: Source

Eric Turner — Thu, 31 Mar 2022 13:07:23 -0400

🔒 BTLO - Challenge: Bruteforce

Eric Turner — Thu, 31 Mar 2022 12:42:34 -0400

🔒 BTLO - Investigation: Eric

Eric Turner — Tue, 29 Mar 2022 17:53:10 -0400

🔒 BTLO - Investigation: Heaven

Eric Turner — Fri, 25 Mar 2022 16:03:42 -0400

🔒 HackTheBox - GamePwn Challenge: CubeMadness1

Eric Turner — Wed, 23 Mar 2022 16:27:08 -0400

This is currently an active challenge/machine on HackTheBox. Per their ToS, active writeups are not allowed to be shared. In order to unlock this content, you will need to provide the final flag.

🔒 BTLO - Investigation: Crypto

Eric Turner — Tue, 22 Mar 2022 14:28:50 -0400

BTLO - Investigation: BEN

Eric Turner — Fri, 18 Mar 2022 17:09:47 -0400

Link: https://blueteamlabs.online/home/investigation/96

Ben was working very hard at FaanG industries to get a maximum percentage of the hike. He was talking about this with his HR as well. While he was preparing for a Salary Negotiation meeting, Ben received a phishing email and an attachment …

🔒 BTLO - Investigation: RDP

Eric Turner — Thu, 17 Mar 2022 13:55:13 -0400

🔒 BTLO: Investigation - Deep Blue

Eric Turner — Wed, 16 Mar 2022 14:26:25 -0400

This investigation is currently active on Blue Team Labs Online, thus is required to be password protected. You can unlock this challenge by using the last password requested, or wait until the investigation is retired.

HackTheBox: Context Fortress

Eric Turner — Fri, 11 Mar 2022 22:37:00 -0500

Done!

After several long days, I finally was able to pwn my first fortress on HackTheBox! Context by Context Information Security!

This particular challenge had seven flags and had me exploit my way through a vulnerable web app, into a Windows Domained machine and compromise several web and domain users …

HackTheBox: Forensics Challenge - Red Failure

Eric Turner — Wed, 02 Mar 2022 17:17:28 -0500

Note: I am stumped on this particular challenge. Below is how far I've gotten.

Link: https://app.hackthebox.com/challenges/red-failure

During a recent red team engagement one of our servers got compromised. Upon completion the red team should have deleted any malicious artifact or persistence mechanism used throughout the …

HackTheBox: Forensics Challenge – MarketDump

Eric Turner — Fri, 25 Feb 2022 16:12:10 -0500

Link: https://app.hackthebox.com/challenges/marketdump

This challenge provides us with a .zip that only contains a single MarketDump.pcapng file. The challenge description reads:

We have got informed that a hacker managed to get into our internal network after pivoting through the web platform that runs in public …

HackTheBox: Forensics Challenge - Reminiscent

Eric Turner — Thu, 24 Feb 2022 19:56:55 -0500

Link: https://app.hackthebox.com/challenges/reminiscent

Our unzipped folder gives us a Resume.eml, imageinfo.txt and flounder-pc-memdump.elf memory dump file.

Let's check out the email message. I ran cat Resume.eml which nets us:

Return-Path: bloodworm@madlab.lcl
 Delivered-To: madlab.lcl-flounder@madlab.lcl
 Received …

Wordle Reverse Engineered

Eric Turner — Mon, 31 Jan 2022 15:20:01 -0500

Wordle Share Grid

I've been seeing posts for this wordle game on my facebook, and it seems to be alight on Twitter as well. I decided to try the game today and was able to get it on my fourth try! It was pretty fun. But, I wanted to see …

Malware Analysis #2

Eric Turner — Wed, 12 Jan 2022 20:27:12 -0500

SHA256 Hash: 1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c

I searched the daily list of MalShare.com and pulled a random hash for investigation today, downloaded through my REMnux box and then used a Python web server to pull it onto my Windows box, since my windows vm has no internet connection.

Static Analysis

I renamed …

Malware Analysis - #1

Eric Turner — Tue, 11 Jan 2022 16:04:25 -0500

See here on my post on creating your own Malware Analysis lab!

I created an account on VirusShare to download some malware samples. I downloaded the first one so let's dive in and see what we can discover!

The SHA256 for my download was: 2db4caf14befbe99a9cf51ed7f7c3cade9df666c45579baaffc9e5a53c0b773c.

I downloaded the zip and …

Malware Analysis Lab

Eric Turner — Mon, 10 Jan 2022 18:30:58 -0500

I decided to try and get into my own malware analysis, but I needed to create my own lab for safe testing. I wanted to outline how I set mine up.

Update 2 Mar 2022: I migrated from VirtualBox to Parallels 16 and I get MUCH better performance, even when …

TryHackMe: Basic Malware RE

Eric Turner — Fri, 07 Jan 2022 14:20:35 -0500

Link: https://tryhackme.com/room/basicmalwarere

This is another one of the free rooms in the Malware Analysis Module of TryHackMe.

This is a challenge room, where we are given files and just need to try a flag, instead of a more guided learning room.

Challenge 1

Running strings on …

Hack The Box - Driver

Eric Turner — Mon, 04 Oct 2021 15:31:18 -0400

Link: https://app.hackthebox.eu/machines/Driver

Enumeration

TCP Port Scan

nmap top 1000 ports with version detection

Our port scan reveals a possible windows 7-10 machine with a web server up.

I used metasploits' auxiliary/scanner/smb/smb_version to find the SMB and Windows version and it returned SMB …

HackTheBox - Bolt

Eric Turner — Fri, 01 Oct 2021 11:31:20 -0400

Link: https://app.hackthebox.eu/machines/Bolt

Enumeration

TCP Port Scan

nmap top 1000 ports tcp port scan with version detection

Preliminary port scan reveals SSH on port 22 and two web servers on ports 80 and 443.

SSL Web Server

Attempting to access the https version of the website …

Hack The Box Academy - Buffer Overflow on Linux x86

Eric Turner — Fri, 13 Aug 2021 17:04:19 -0400

While attempting a different reverse engineering / pwn challenge, I realized I needed more background knowledge on how to properly do a buffer overflow, thus I took the Stack-Based Buffer Overflows on Linux x86 case from HTB academy. This is my writeup of the final Skills Assessment

Discovery

First we need …

📌 Password Protection for Writeups

Eric Turner — Thu, 12 Aug 2021 17:48:34 -0400

Multiple platforms, HackTheBox, TryHackMe, BlueTeamLabsOnline, express they do not want the answers/flags posted until the challenge is retired. Thus, for any active challenge on these platforms, the bulk of the content is password protected.

For password-protected challenge write-ups: use the challenge flag as the password to the blog post …

2018+ Mustang Technology Retrofit

Eric Turner — Wed, 26 Aug 2020 13:46:52 -0400

Before the retrofit, my original cluster with Sync 2 (MyFordTouch) system

I know I bought my vehicle at a higher mileage (50k) but I have loved essentially every detail of it. However, I definitely liked the new technology in the 2018+ models including a new digital speedometer cluster and the …

📌 Italian Conjugation / Verb Tense Cheat Sheet

Eric Turner — Fri, 20 Dec 2019 14:22:08 -0500

View of the verb tense sheet

I have been using Busuu to learn Italian for the past few weeks (2020 new years resolution is to learn as much Italian as I can!). However all the varying verb tenses can be hard to keep up on. Here is a cheat sheet …

End of Year Device Check In App

Eric Turner — Tue, 05 Mar 2019 17:01:56 -0500

Another application I built at work, during the month of February, that I am super proud of is a way for us to check in devices at our high school. Essentially, a teacher logs in and the application will automatically pull a list of the teacher's classes. Then the teacher …

Prom Tickets Web App

Eric Turner — Tue, 05 Mar 2019 16:50:41 -0500

I work in a school district and one of my latest projects is to create a custom application for prom tickets. It features the ability to scan a student's ID and will verify the student against a list for eligibility and then automatically send out tickets to the students for …