Archive for September 30, 2013


DerbyCon 2013 Wrap Up

September 30, 2013

Another year and another awesome conference put on by Dave Kennedy and his team. DerbyCon never lets down and is getting better every year. This year also brought in […]


Details, Details, Details…How Much is Enough?

September 25, 2013

So you think being a penetration tester is the coolest thing around, right? Me too... but there is one aspect that people usually don’t think about: Report Writing. It is […]


Professionally Evil: Self Inflicted Injury at Vendor’s Request

September 15, 2013

It’s an unfortunate and still too common a vulnerability to find administrative interfaces exposed and configured with default passwords.  In some cases it doesn’t matter what else you might find […]


We Can’t Rely on the Browser for Protection

September 12, 2013

A large part of doing security consulting is providing proper mitigations and recommendations to our clients. Sure, the testing is the exciting part, but it is the recommendations that are […]


Industry Issues: New Vulnerabilities and Marketing Problems

September 10, 2013

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security.  I do this via a number of methods including […]


When the flood is going to come…

September 3, 2013

Most everyone in the U.S. is aware that it’s not uncommon for the Mississippi River to flood in the spring. Even though the river has a series of locks and […]