Nathan Sweaney

Introduction to Metasploit Video

The Metasploit Framework is a key resource for security assessors. Whether your goal is to become a commercial penetration tester, to demonstrate the risk of a vulnerability, or just to identify certain weaknesses in your environment, Metasploit is your tool. Understanding how it works and how to get started is the first step. The Metasploit project …

Intercepting DNS

Recently during a penetration test, I discovered a Linksys WRT54G wireless router that had been installed on a customer’s network. Surprisingly, this device was accessible from the Internet with default credentials. Watching the client list, I noticed several clients connecting on & off throughout the day. We all know that this is bad, but how …

Why Target’s Breach Included PIN Data

Last Friday Target issued an update acknowledging that encrypted PIN data were included in the data stolen in their recent breach. This quickly became a hot news segment, and social media was abuzz with renewed criticism of the retailer. Though the data technically was stolen, and I applaud Target for publicly announcing it, this …

Secure Ideas is Offering a Free Secure Coding Class

You see it in the news all the time. Websites are getting hacked, data is being stolen, and revenue is lost. How are they committing these breaches? How does a website get hacked anyway? Come to a 3-hour technical workshop at Galvanize on December 20th to …

Professionally Evil Toolkit – Recon-ng

The first stage of almost every successful penetration test is the reconnaissance phase. During this phase of an engagement we scour publicly accessible resources for information about the target that will provide insight and direction for later phases. We look for information that was made public intentionally, and sometimes unintentionally, that tells us more about …

Facebook Removes Privacy Settings (or Why it’s hard to hide information on the Internet)

A few weeks ago Facebook announced the removal of a “Search” setting. That’s their marketing term for a privacy setting. The setting in question allowed a user to prevent his or her Facebook profile from being discovered via Facebook’s search function. Now before you go look for it, you should know that most of us …

Comparing Authorization Levels with Burp’s Compare Site Map feature

Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …
