Nathan Sweaney

These Aren’t the Password Guidelines You’re Looking For

“You don’t need to see his identification.” It’s a classic line.  With a flick of the wrist old Ben Kenobi deftly bypasses the identity & access management system of the poor Stormtroopers just doing their job. One would think, in that technological era, so long ago, that more advanced (and less spoofable) methods of authentication would …

These Aren’t the Password Guidelines You’re Looking ForRead More »

Protecting your Kids from Online Threats

“The greatest gifts you can give your children are the roots of responsibility and the wings of independence.” — Denis Waitley As information security professionals, we’re often asked about how to best protect children online. I’ve got four of my own, and discussions about what is or isn’t appropriate, are nearly endless. Because let’s be honest, …

Protecting your Kids from Online ThreatsRead More »

Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In Tears

We all recognize clickbait when we see it. And yet thousands still click on the links. In today’s world of social media and ad-funded news, a range of techniques are utilized to grab your attention, some with more success than others. One of these, used in the title of this post, is to create a …

Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In TearsRead More »

We’re Just Like the NSA, and Nothing Like Them

During penetration tests, and especially scoping calls, we often get quizzed about what secret, proprietary techniques we’ll use to gain access to privileged resources. Most folks assume they’re doing “good enough” or at least meeting “industry best practices” so only the latest, unknown attacks will be successful. The notorious ZeroDay always seems to take the …

We’re Just Like the NSA, and Nothing Like ThemRead More »

Introduction to Metasploit Video

The Metasploit Framework is a key resource for security assessors. Whether you’re goal is to become a commercial penetration tester, to demonstrate the risk of a vulnerability, or just need to identify certain weaknesses in your environment, Metasploit is your tool. Understanding how it works, and how to get started is the first step. The Metasploit project …

Introduction to Metasploit VideoRead More »

Intercepting DNS

Recently during a penetration test, I discovered a Linksys WRT54G wireless router that had been installed on a customer’s network. Surprisingly, this device was accessible from the Internet with default credentials. Watching the client list, I noticed several clients connecting on & off throughout the day. We all know that this is bad, but how …

Intercepting DNSRead More »

Why Target’s Breach Included PIN Data

Last Friday Target issued an update acknowledging that encrypted PIN data were included in the data stolen in their recent breach. This quickly became a hot news segment and the social media was abuzz with renewed criticism of the retailer. Though the data technically was stolen, and I applaud Target for publicly announcing it, this …

Why Target’s Breach Included PIN DataRead More »

Scroll to Top