jason_wood

Professionally Evil Toolkit – BozoCrack

This week I’ve been teaching a class on web app security for developers and I remembered a fun little script that I thought I’d share here.  That script is BozoCrack, written by Juuso Salonen.  I’d give my description of what this tool does, but I’ll use Juuso’s words from his GitHub page instead.  It’s pretty classic. …

Why Do Phishing As Part of Security Testing

I was recently watching a web cast on incident response and found myself thinking about the cause of the example incident.  It was yet another instance where phishing emails were sent, desktops were owned and data left the victim’s network.  I’m not sure how many presentations, web casts and papers that I’ve listened/read that point …

Creating SSL Certificate Requests Using Certreq.exe and Enable LDAPS

This post picks up on my last about creating and authorizing an internal certificate authority.  We are going to shift gears a bit and start looking at how to use this newfound infrastructure.  There are tons of tutorials online about how to create a certificate signing request (CSR) using IIS on Windows.  However, there are …

SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there.  I also thought I would call us out a bit for sending mixed messages to our users.  All too often we find internal websites using invalid SSL certificates when we are on an engagement.  Almost every user awareness document or …

Professionally Evil: This is NOT the Wireless Access Point You are Looking For

I was recently conducting a wireless penetration test and was somewhat disappointed (but happy for our client) to find that they had a pretty well configured set of wireless networks.  They were using WPA2 Enterprise and no real weaknesses that I could find in their setup.  After conducting quite a bit of analysis on network …

Tactical Security Ops at Black Hat 2013

Kevin Johnson and John Strand recently gave a presentation at RSA 2013 titled “Tactical Sec Ops: A Guide to Precision Security Operations.”  Not surprisingly, this has been something that we’ve been talking quite a bit about internally.  So much so that Secure Ideas will be teaching Tactical Security Ops at Black Hat USA.  We initially …
