Nathan Sweaney

Silencing Firefox’s Chattiness for Web App Testing

Firefox is one chatty browser! Even if you don’t actually use it for anything, it’s constantly making requests out to the internet for things like updates, checking network status, and sending telemetry data back to Mozilla. When using Firefox for web app testing, I’ve often noticed the constant stream of additional requests that get in …

Silencing Firefox’s Chattiness for Web App Testing Read More »

Checking Under the Bed

I’ve got four kids and part of their chores involve cleaning up their bedrooms. Inevitably, their understanding of “clean enough” never quite matches our expectations. Now I could just live with the fact that there will always be a huge mess under their beds, but that doesn’t serve the point. My goal isn’t to just …

Checking Under the Bed Read More »

These Aren’t the Password Guidelines You’re Looking For

“You don’t need to see his identification.” It’s a classic line.  With a flick of the wrist old Ben Kenobi deftly bypasses the identity & access management system of the poor Stormtroopers just doing their job. One would think, in that technological era, so long ago, that more advanced (and less spoofable) methods of authentication would …

These Aren’t the Password Guidelines You’re Looking For Read More »

Protecting your Kids from Online Threats

“The greatest gifts you can give your children are the roots of responsibility and the wings of independence.” — Denis Waitley As information security professionals, we’re often asked about how to best protect children online. I’ve got four of my own, and discussions about what is or isn’t appropriate, are nearly endless. Because let’s be honest, …

Protecting your Kids from Online Threats Read More »

Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In Tears

We all recognize clickbait when we see it. And yet thousands still click on the links. In today’s world of social media and ad-funded news, a range of techniques are utilized to grab your attention, some with more success than others. One of these, used in the title of this post, is to create a …

Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In Tears Read More »

We’re Just Like the NSA, and Nothing Like Them

During penetration tests, and especially scoping calls, we often get quizzed about what secret, proprietary techniques we’ll use to gain access to privileged resources. Most folks assume they’re doing “good enough” or at least meeting “industry best practices” so only the latest, unknown attacks will be successful. The notorious ZeroDay always seems to take the …

We’re Just Like the NSA, and Nothing Like Them Read More »

Introduction to Metasploit Video

The Metasploit Framework is a key resource for security assessors. Whether you’re goal is to become a commercial penetration tester, to demonstrate the risk of a vulnerability, or just need to identify certain weaknesses in your environment, Metasploit is your tool. Understanding how it works, and how to get started is the first step. The Metasploit project …

Introduction to Metasploit Video Read More »

Scroll to Top