Uncategorized

The Report

Being a pen tester is a cool job: we get to break into companies (with permission), steal stuff, and then tell them how we did it. Many testers focus on the cool hack, or getting domain admin, or finding SQL injection flaws because that is the exciting part of the job. These make up the …


Professionally Evil Support: Educating your family on the basics

For the longest time, I was in my own echo chamber, where everyone knew basic user security and all we discussed were the finer details of configuration. Stepping outside of that, I’ve found several people in the real world that want very desperately to do their part, but don’t know where to start or what …


Protecting your Kids from Online Threats

“The greatest gifts you can give your children are the roots of responsibility and the wings of independence.” — Denis Waitley

As information security professionals, we’re often asked about how to best protect children online. I’ve got four of my own, and discussions about what is or isn’t appropriate are nearly endless. Because let’s be honest, …


Place Your Right Hand On This Glass

One of the hassles of the Yahoo! breach was clearly the coming-home-to-roost quality of the mega-stupid 90’s era “something about you” secret questions, a relic of the “portal” fantasy-based business model, under which you were expected to voluntarily subvert the freedoms of the Internet by turning over all your new-found freedom by allowing one company …


You Must Be This Tall . . .

Imagine going in to do an incident response at a fairly large customer that has no visibility within their firewalls, no intrusion detection, no sense of inventory, because they had no ability to run even the most basic of vulnerability scans across their network. If I just described something that sounds a little scarily like …


Statement by Nick Selby on Bishop Fox / Muddy Waters Report

FOR IMMEDIATE RELEASE: Statement by Secure Ideas Response Team Director Nick Selby on the Report Issued Today by Security Consultancy Bishop Fox

Media Contact: Ben Singleton

JACKSONVILLE, FL, OCT 24. Today, a technical report was released by the technology consultancy Bishop Fox that was based on research conducted by a team of which I was …


Cloud-Base Host Discovery Is Easier Than You Think!

During a recent conversation at DerbyCon it occurred to me that some security folks who are just dipping their toes into AWS are struggling a lot with the idea that cloud (EC2) instances keep popping up spontaneously. Developers and their agile / devops / continuous deployment methodologies are creating a chaotic mess of the network that has …


A Brief BeEF Overview

BeEF, the Browser Exploitation Framework, is a testing tool that allows the penetration tester to look past the hardened network perimeter and client system, and launch client-side attacks directly against the targeted browsers, providing pivot points to other systems. In this guide I’ll be using Kali Linux, the penetration testing distribution created by the folks …

