"Perfect is the enemy of done"
After having used a 60% mechanical keyboard for a fair while now, some joking-around at the local hackerspace made us think about ways to go even smaller. There's plenty of "chording" mechanical keyboards out there using their own combinations of chording and layers to shrink smaller, but most are still 10-12 keys or so... we thought we could go smaller by going closer to the bare metal, and going binary.
After impulsively buying a set of old pedestrian crossing lights at a local swap-meet (13 year old me forced me to), I wanted to get them going again both for the kids to use in the back yard and also for me to use to tell the kids when it is/isn't safe to come into the garage. I added 240V LED spotlights inside, controlled via relays with a Raspberry Pi Pico, and then a basic MicroPython state-machine that lets the crossing button or a timer control the different modes on the lights.
A simple SAO (Simple Add-On) I designed for BSides Ballarat 2026
This was my most ambitious challenge for BSides CTF 2025 - a multi-stage network penetration scenario running on a Raspberry Pi. I wanted participants to experience a realistic attack chain, starting from WiFi access all the way to compromising internal services.
Difficulty: Progressive (Easy → Medium → Hard)
Category: Network Services …
I wanted a classic web vulnerability for the BSides CTF 2025, and SQL injection felt perfect. The irony of a security company having such a basic flaw made it even better.
Difficulty: Beginner to Intermediate
Category: Web Application Security
When you visit the Gold Rush Security …
How I built this personal website and static blog with automated build-process and effectively-free hosting, using Markdown-formatted text files to write the posts, Pelican/Python to incorporate Jinja templates and build static HTML output, GitHub for version control and source hosting, and Cloudflare pages to serve the static content to the web on my personald domain name. This post will evolve into more of a tutorial/guide later. For now it is a dumping ground for my notes as I build out the site. These are the steps I took to spin up this very website. It took about 2 hours start-to-finish.
This was the most basic challenge for the BSides CTF 2025, designed to just get people started. Anyone with some basic web experience or OSINT skills should be able to solve it quickly.
Difficulty: Beginner
Category: OSINT / Web Reconnaissance
While exploring the Gold Rush Security website …
The Barcode challen was one of the first challenges I thought of when I started planning the BSides CTF 2025. It is a simple challenge that introduces participants to barcode analysis and decoding, specifically focusing on Code39 barcodes. However I threw some extra complexity in there to mess with people …
This challenge was the most difficult I created for BSides CTF 2025. I was worried about the difficulty, and it was multiple-intermediate steps in a row without a "checkpoint" to help participants. However I did leave clues but I did not have anyone complete it, so I thought I would …
Time to create a devblog. Details are in this post.
The stack for this is: - Hugo: Static site generator - Custom Theme: Built directly into the project. Stupidly simple, no external dependencies. - AWS S3: Hosting the static site - AWS CloudFront: CDN for the site - Gitlab CI: For deployment automation - git: Version …
I stumbled on this all-blue IBM PC XT clone that I haven't been able to find any information about, no matter how much I dig online. The only identifying label is on the bottom of the keyboard, which was made by Nan Tan Computer Co in Taiwan, but there is no record of them ever making desktop PCs. The keyboard is the exact same blue as the rest of the PC so was clearly along with the rest of the machine.
Amateur Engineering is the act of building stuff for the sake of building stuff, rather than because you were paid to do it for someone else. Putting as much effort and skill as you can into making a project for no other reason than to see it made. This article explains the goals behind AmateurEngineering.com, and more about what we mean when we refer to Amateur Engineering as a phrase.
Today the Australian Signals Directorate announced their 75th Anniversary Commemorative Coin, which is a standard Australian 50 cent coin with various cryptographic puzzles embedded in it. I'm not a cryptography expert, but I've always loved this stuff from the sidelines of physical pentesting and teen-years script-kiddying, so I thought I'd give it a go. Along with a mate in our local Hackerspace's slack channel, we started bouncing ideas back and forth, and below is a write-up of the eventual path to solving all the puzzles on the coin (though as you'll see, not necessarily in the order they intended).
I was pretty sick of worrying about the AA batteries for my original Gameboy, and just wanted a LiPo pack I could recharge via micro USB like so many of my modern devices. I found some existing projects that require cutting up the Gameboy, or modifying it in various ways... or some products from overseas that cost a fair bit and are basically just a LiPo + controller jammed into the battery cavity. I wanted something that didn't require any modification to the original Gameboy, and could be swapped back and forth with normal AAs if required.
This is a very basic beginner-friendly project that gives a physical volume knob that works on most desktop/laptops. Using a rotary encoder, a Digispark microcontroller, a few soldered wires, some pre-existing firmware from Adafruit, and a 3D printed housing, we get a super tidy and tiny dial for controlling the system volume (or map it to whatever you want). It plugs directly into the side of my laptop into the USB port, or you can use it via a USB extension cable to place it on your desk.
Since the coronapocalypse kicked in and we've all been isolated, I've been doing a lot of Jitsi meets with various groups of friends. Jitsi is basically Zoom but with less spyware and more "it crashes lots and has lots of bugs but it's Open Source so we convince ourselves it's worth it anyway". In this post we use some old arcade cabinet buttons and an Arduino to build an OBS scene-changing macro board. This lets you swap scenes in video chats and when streaming, or also just works as a generic macro-board for running key combinations, scripts, and macros on any USB-having device.
A visit to CSIRAC (Commonwealth Scientific and Industrial Research Organisation Automatic Computer), the fourth computer ever built in the world, and the only intact first-generation computer still surviving.
It's a pretty well known fact* that the World Wide Web (and arguably humanity itself) peaked in 1999, and it has been downhill ever since. Read on to find out why I'm right, why you're wrong, and why we should reset the entire WWW to 1999 and start over.