

Welcome to Serpent Security!

There currently isn't much content here, but you can expect updates.

I am a Red Team operator (ethical hacker) and security enthusiast. I work on securing systems for a government contractor (which this blog is not in any way affiliated with).

I post about topics in computer security, computer science, and anything nerdy.
You can also expect some updates on my personal projects.

For posting comments:
Note that the human verification doesn't like to load - I tried to disable it, but Google's in the business of telling users what they want, not giving it, and since this is a Blogger blog, it's run by (Guess who!) Google.


Popular posts from this blog

Security by Incompetence: Why your password isn't the problem

User error may be the most common reason people get hacked, but there are many more factors at play. Many security experts claim that user error is the most common way people get their accounts compromised. This has been a common stance on security, and is entirely correct - a weak password will ruin your day as soon as someone decides they're interested in you, at least, enough to let one of their computers sit for a few hours guessing the passwords you thought were secure.

For example, the rules of secure passwords are generally considered to be:
- A good password is 8 characters or longer
- A good password should use both uppercase and lowercase
- A good password should use letters, numbers, and symbols
- A good password should not contain an English word or phrase
- A good password should not be your username, or any public information about you

According to these rules, we can look at some of the common ways people write passwords, and see how secure they are. Many "secure" pass…

Hashes and passwords: Not quite as oversimplified

An overly technical brief introduction to hashing and passwords
I've been spending too much time on HackForums lately (and it hasn't even been a full day), explaining stuff like zero-days, hash-cracking, anonymity and secure deletion, wireless hacking, and reverse engineering. One recurring theme I've already seen is relating to password hashes and what they are.

People often think of hashes in the same terms that they think of encryption - encryption takes data and makes it unreadable, and hashes do much the same. The problem is that although they operate in much the same way and do, for the most part, the same thing at the overview level, they're 2 entirely separate things.

What are hashes?

To understand what we're really saying when we say "crack a hash" you need to understand what they are, and what the differences are between hashing and encrypting information.

Encryption is meant to hide data from anyone without knowledge of some secret value (aka …