Nathan Sweaney

Protecting your Kids from Online Threats

“The greatest gifts you can give your children are the roots of responsibility and the wings of independence.” — Denis Waitley As information security professionals, we’re often asked about how to best protect children online. I’ve got four of my own, and discussions about what is or isn’t appropriate, are nearly endless. Because let’s be honest, …

Protecting your Kids from Online ThreatsRead More »

Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In Tears

We all recognize clickbait when we see it. And yet thousands still click on the links. In today’s world of social media and ad-funded news, a range of techniques are utilized to grab your attention, some with more success than others. One of these, used in the title of this post, is to create a …

Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In TearsRead More »

We’re Just Like the NSA, and Nothing Like Them

During penetration tests, and especially scoping calls, we often get quizzed about what secret, proprietary techniques we’ll use to gain access to privileged resources. Most folks assume they’re doing “good enough” or at least meeting “industry best practices” so only the latest, unknown attacks will be successful. The notorious ZeroDay always seems to take the …

We’re Just Like the NSA, and Nothing Like ThemRead More »

Introduction to Metasploit Video

The Metasploit Framework is a key resource for security assessors. Whether you’re goal is to become a commercial penetration tester, to demonstrate the risk of a vulnerability, or just need to identify certain weaknesses in your environment, Metasploit is your tool. Understanding how it works, and how to get started is the first step. The Metasploit project …

Introduction to Metasploit VideoRead More »

Intercepting DNS

Recently during a penetration test, I discovered a Linksys WRT54G wireless router that had been installed on a customer’s network. Surprisingly, this device was accessible from the Internet with default credentials. Watching the client list, I noticed several clients connecting on & off throughout the day. We all know that this is bad, but how …

Intercepting DNSRead More »