Archive for May 21, 2013


Using a Throwing Star to Capture Packets

May 21, 2013

Mobile applications are a hot commodity these days.  It seems like everyone and their brother/sister is writing them.  Kevin Johnson even tells a story of a bait/mobile application shop here […]


Preparing for a Consultant

May 17, 2013

As security consultants, we regularly travel to clients’ sites and experience a wide range of environments and atmospheres. While some are better than others (and some much worse), it’s very […]


Autocomplete and actual risk: Why do we look at it?

May 15, 2013

Autocomplete is always a fun topic to discuss…. ok maybe my idea of fun is not the normal idea. 🙂  During our web penetration testing, we often find where the […]


Professionally Evil: This is NOT the Wireless Access Point You are Looking For

May 11, 2013

I was recently conducting a wireless penetration test and was somewhat disappointed (but happy for our client) to find that they had a pretty well configured set of wireless networks. […]


The Watering Hole: Is it Safe to Drink?

May 7, 2013

How many times have you been told you have a vulnerability that you just don’t understand  its relevancy?  Cross-Site scripting comes to mind for many people.   Sure, they get the […]