The Legacy of The Hacker Manifesto
I was 11 years young when The Hacker Manifesto was originally published in 1986 (yes, I’m that old). I had no idea about the manifesto at that age, but several years later I began tinkering with my first computer (an Apple IIe) and convinced my parents that I needed a ...
Introducing the Shared Security Weekly Blaze Podcast
As many of you may know, I’ve been co-hosting the Shared Security Podcast (formerly known as the Social Media Security Podcast) with my fabulous co-host Scott Wright from Security Perspectives Inc. We’ve been recording this podcast every month (mostly) since 2009, and over the years we’ve had feedback from many of ...
Using Technology to Defend Digital Privacy & Human Rights – Presentation Notes
If you attended my talk “Using Technology to Defend Digital Privacy & Human Rights”, thank you! Here’s a list of supplemental material discussed during the presentation as well as where you can find out additional information about the topics covered. I’m happy to answer any questions that you might have ...
Top 5 Attack Vectors Report: Defend It Before You Hack It
Each year my team conducts hundreds of penetration tests in a wide variety of industries, ranging from healthcare to retail, finance to manufacturing, and many more. The team analyzed data collected from each of our penetration tests at SecureState since 2011 and found common themes in the methods of compromise used to ...
Project Mayhem to be Unleashed at Black Hat Abu Dhabi
For the last several months I’ve been performing research on techniques attackers could use for performing accounting fraud in popular accounting systems. This research coincides with a whitepaper that SecureState has developed entitled “Cash is King: Who’s Wearing Your Crown?” To perform this research I have collaborated with a coworker of mine, ...
Burp Suite Series: Efficient use of Payload Options when Attacking HTTP Basic Authentication
In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web-based brute force attacks. First up are some techniques to use when conducting ...
SANS Mentor brings Security 542: Web App Penetration Testing and Ethical Hacking (GWAPT) to Cleveland
I’m proud to be teaching SANS Security 542 here in Cleveland through the SANS Mentor Program beginning in August. The SANS Mentor Program allows you to save thousands on your training budget and still experience live SANS training on the GWAPT classes – live training without traveling! COURSE DETAILS: Security ...
Are We Reaching Security Conference Overload?
I saw a post from my friend Matt Neely on Twitter about how CarolinaCon and BSidesROC are on the same weekend this year. I’ve also had conversations with others earlier this week about DerbyCon (September 28-30) and GrrCon (September 27-28) being back to back as well. This is a trend ...
Three Areas You Need To Test When Assessing Mobile Applications
Having spoken recently at both the SANS Mobile Device Security Summit and OWASP AppSec DC about testing mobile applications, I’ve found that, as the old saying goes, “There are many ways to skin a cat”; there are also many ways to assess a mobile application. I’ve seen ...
Smart Bombs: Mobile Vulnerability and Exploitation Presentation
This week I co-presented “Smart Bombs: Mobile Vulnerability and Exploitation” with John Sawyer and Kevin Johnson at OWASP AppSec DC. We talked about some of the current problems facing mobile applications, such as flaws found in the OWASP Mobile Top 10 and various privacy issues. We also talked about ...