Month: August 2013

Comparing Authorization Levels with Burp’s Compare Site Map feature

Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …


Analyzing Web App Attacks Using ModSecurity at MIRcon 2013

I’m extremely excited to announce that I will be speaking at MIRcon2013 on ModSecurity! The presentation’s goal is to help systems administrators, incident responders, and security analysts better manage and run an installation of ModSecurity. Here is the synopsis from the presentation. Any publicly available web server and site is under attack on a regular …


Defending Against Pass-the-Hash (PtH) Attacks

Pass-the-Hash (PtH) attacks have probably become the most common form of credential attack used in the hacking community. Especially in Microsoft Windows environments, PtH tools are so popular and easy to use that many attackers no longer even bother to crack passwords. Why waste the time when an administrator’s hash is just as convenient, …
