Bake-off: Travel Routers

Why: I've started traveling more and that means connecting to the Internet through less-trusted networks. Always nice to have another layer of security when doing more-risky things, so I started looking for a good travel router. It is a confusing marketplace right now with some devices focusing on user features such as sharing files from... Continue Reading →

Building the (LED) Matrix

Purpose: So at work we have one of those SOC World Clocks that looks a little bit like the one below (and yes, I know that London is not spelled with that many "o" letters... I found this on the Internet). It works OK but has to be reprogrammed for daylight savings time, it loses time... Continue Reading →

Offensive Interviews

Just a quick blurb that I've started a GitHub project called Offensive Interviews. The goal of this project is to open source many interview questions that can be used to screen offensive infosec practitioners (i.e., pentesters/red teamers). It is a collection of questions and scenarios that you can use to help screen candidates. Of course,... Continue Reading →

Complex Knowledge-based Password Reset Strings

With all of the data breaches recently, I urge everyone I know to use a password manager application like KeePass (http://keepass.info/) or LastPass (Yes I know they too got hacked) to store complex, long passwords. The benefit to using these apps is that you can make your responses to those knowledge-based password reset questions (e.g.,... Continue Reading →

We are Running Away from Security.

Lately I've been doing more Open Source Intelligence (OSINT) work where I look on the Internet for information about a subject and then compile it into a dossier. They can be very powerful and present a compelling picture. I gave "Running away from Security" talks at both BSidesCharm and BSidesBoston this year (and at CircleCityCon next week).... Continue Reading →

Recon-ng: Profiler Module

My newest recon-ng module, "profiler", is going to really blow you away. It doesn't do anything miraculous like crypto or ZigBee or SCADA but it does make it easy for you to get information about users on the Internet. Here is the basic premise: you want to find out if a certain user name exists... Continue Reading →

LIRC and Findings Template

Quick blog post to publish some documents I've created over the years. Sample Web Application Pen Test Excel Report Format: https://drive.google.com/file/d/0B4pazXmFTvF2dGFYdlJYWDVKUkk/view?usp=sharing Sometimes you don't need a full Word document to share your test results. That is what this doc is. It has just the facts and should be combined with a ZIP file of test data such as... Continue Reading →
