Month: September 2013

DerbyCon 2013 Wrap Up

Another year and another awesome conference put on by Dave Kennedy and his team. DerbyCon never lets you down and is getting better every year. This year also brought in training classes before the conference, which were an excellent addition. Kevin and James taught the Assessing and Exploiting Mobile Applications with OWASP MobiSec and the …


Professionally Evil: Self Inflicted Injury at Vendor’s Request

Administrative interfaces exposed and configured with default passwords are an unfortunate and still too common vulnerability to find. In some cases it doesn’t matter what else you might find, like some sexy injection vulnerability; if I can access your administrative controls and gut your infrastructure, it’s game over and a resume generating event for …


Industry Issues: New Vulnerabilities and Marketing Problems

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explaining the what, why, and how of information security. And …
