As a developer looking for work in 2025, I have to send off potentially hundreds of job applications in order to get enough callbacks and interviews. I also want to optimize my time spent reading or interacting with job boards to only invest time into the most relevant posts by rating each job and only focusing on the best-rated ones. Saving time reading through job board posts is an amazing improvement by itself, but this also has the effect of focusing my time on more important job posts.

What is an Expert Persona? A large language model that is provided schema information and asked to create queries to answer questions is called an “expert persona”. Such a model can be quickly integrated as an assistant into company workflow or as an API available to answer questions about the specific domain. Setup example database: We will use the example “chinook.db” SQLite database. the schema for this database is provided at the end of this article for reference.

The way I take notes is most often in Zettelkasten format in Obsidian. I have thousands of individual markdown files which are linked together in a huge web. I want to be able to query them without uploading all the files or entering them into a vector database. My personal preference is to have timestamps in the filenames, so some queries could be answered using the filename and content together.

Sometimes, when working with Java payloads, it might be necessary to switch to a different Java version or use specific version in order to run a program. Recently I needed to switch from OpenJDK version 17 to 11 in order to get a ysoserial payload to generate. One of the suggestions available when researching this was to use alternatives to switch versions, but this seems like a relatively permanent solution to a temporary problem.

The box “Sau” was just retired on HackTheBox. This was an interesting box because you have to chain together a couple of exploits in order to get a shell, but overall, it is not a very difficult box. Sau means “pig” in German, but the box was created by sau123 so maybe the box name is related to his username. Enumeration I started off with an nmap full port scan. One thing to notice from the scan is that port 80 appears closed, and in nmap is indicating that is behaving differently.

Kerbrute When pentesting active directory boxes, sometimes you have to brute force some domain accounts. It is possible to do this with netexec ( formerly crackmapexec ), but Kerbrute is usually faster and produces less noise. I liked using kerbrute for password spraying. Unfortunately, kerbrute did not have a build available for arm64. The only builds were for x86 and x64. The last release from project was a few years ago, maybe before the era where ARM macbooks became so good at running VMs.

Recently, I discovered that I can create an iOS shortcut step to connect to an SSH server and run a script. This is similar to how the SSH client can run a program when you specify a command as an argument to SSH when connecting. Doing this, I can create a script that reads standard input as input to the program, which is analogous to the same way as a CGI script can handle POST data.

I recently undertook a project to get conected to my devices from my phone. My goal is to be able to SSH from aywhere. I’m currently writing this in vim from a terminal on my phone connected to a laptop across the room over the internet, without forwarding any ports on my router. I have a Samsers Foldable Bluetooth Keyboard that I bought from amazon. It allows me to type on the phone like a terminal, but it folds up into roughly the size of a phone itself so I can carry it around.

CTF link: https://tuctf.com/ challenge files: https://github.com/nicholas-long/environment/blob/main/zet/20231203212512/README.md Solving the TUCTF23 State of the Git Challenge The TUCTF23 challenge took place recently and ended on 2023-12-03. In it, there was a forensics challenge which included some git commands and some data analysis. The challenge says we should check if any secrets are exposed in their git repository. This challenge comes as a tar.gz file. Because of the name and nature of the challenge, I immediately checked if it was a git repository, and it was.

Link to script to OCR text content displayed on the screen of youtube videos Motivation for Project It would be neat to be able to search the text content displayed on the screen of any youtube videos. In order to do that, you would have to run optical character recognition (OCR) on the frames of the video. I watch a lot of hacking walkthroughs from ippsec where most of the videos feature terminal output.