7 min
Haxmas
The Twelve Pains of Infosec
One of my favorite Christmas carols is the 12 Days of Christmas
[https://www.youtube.com/watch?v=oyEyMjdD2uk]. Back in the 90's, a satire of the
song came out in the form of the 12 Pains of Christmas
[https://www.youtube.com/watch?v=h4NlR5KQLQ8], which had me rolling on the floor
in laughter, and still does. Now that I am in information security, I decided it
is time for a new satire (maybe this will start a new tradition), and so I am
presenting the 12 Pains of Infosec.
----------------------
4 min
Penetration Testing
Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues
In a fight between pirates and ninjas, who would win? I know what you are
thinking. “What in the world does this have to do with security?” Read on to
find out but first, make a choice: Pirates or Ninjas?
Before making that choice, we must know what the strengths and weaknesses are
for each:
Pirates
Strengths | Weaknesses
Strong | Loud
Brute-Force Attack | Drunk (Some say this could be a strength too)
Great at Plundering | Can be Careless
Long-Range Combat |
Ninjas
Strengths | Weaknesses
Fast | No Armor
Stealthy | Smal
5 min
Application Security
Hacking Apps - So Easy An Infant Can Do It
Mobile app hacking is nothing new. Many people have performed different
assessments and there are even courses all about it. Even so, many penetration
testers may still be hesitant about performing these types of assessments, or
may not do them well. Mobile application hacking is much like other forms of
hacking. You can't get really good unless you regularly practice. So how can we
get experience hacking mobile applications? Well, with over 1.5 million apps in
the Google Play store and the Appl
3 min
Metasploit
12 Days of HaXmas: Making a New Years Resolution You Can Keep
This post is the eighth in the series, "12 Days of HaXmas."
It's that time of year again, when we all look to making resolutions to make
changes in our lives. For some, it is eating healthy or exercising. Others
decide to spend their time differently or change spending habits. Often these
resolutions work for a few weeks, but then we quickly fall back into the old
habits and break those resolutions. Me, I am resolving to write more Metasploit
modules. You see, back in October, Rapid7 publicly (