Month: November 2013

Professionally Evil Toolkit – Recon-ng

The first stage of almost every successful penetration test is the reconnaissance phase. During this phase of an engagement we scour publicly accessible resources for information about the target that will provide insight and direction for later phases. We look for information that was made public intentionally, and sometimes unintentionally, that tells us more about …

Professionally Evil Toolkit – Recon-ngRead More »

MIRcon 2013 – Analyzing Web Attacks with ModSecurity

Last week I was able speak at MIRcon 2013 about how to use ModSecurity to discover attack activity and defend your environment.  The presentation started out by discussing a fair bit of background information on ModSecurity and how it works.  This was really important since ModSecurity can get a bit involved when setting it up. …

MIRcon 2013 – Analyzing Web Attacks with ModSecurityRead More »