Posts by Kirk Hayes

7 min Haxmas

The Twelve Pains of Infosec

One of my favorite Christmas carols is the 12 Days of Christmas. Back in the 90s, a satire of the song came out in the form of the 12 Pains of Christmas, which had me rolling on the floor in laughter, and still does. Now that I am in information security, I decided it is time for a new satire; maybe this will start a new tradition. And so I am presenting the 12 Pains of Infosec.

4 min Penetration Testing

Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues

In a fight between pirates and ninjas, who would win? I know what you are thinking. "What in the world does this have to do with security?" Read on to find out, but first, make a choice: Pirates or Ninjas? Before making that choice, we must know what the strengths and weaknesses are for each:

Pirates
Strengths: Strong, Brute-Force Attack, Great at Plundering, Long-Range Combat
Weaknesses: Loud, Drunk (Some say this could be a strength too), Can be Careless

Ninjas
Strengths: Fast, Stealthy
Weaknesses: No Armor, Smal

5 min Application Security

Hacking Apps - So Easy An Infant Can Do It

Mobile app hacking is nothing new. Many people have performed different assessments and there are even courses all about it. Even so, many penetration testers may still be hesitant about performing these types of assessments, or may not do them well. Mobile application hacking is much like other forms of hacking. You can't get really good unless you regularly practice. So how can we get experience hacking mobile applications? Well, with over 1.5 million apps in the Google Play store and the Appl

3 min Metasploit

12 Days of HaXmas: Making a New Years Resolution You Can Keep

This post is the eighth in the series, "12 Days of HaXmas." It's that time of year again; when we all look to making resolutions to make changes in our lives. For some, it is eating healthy or exercising. Others decide to spend their time differently or change spending habits. Often these resolutions work for a few weeks, but then we quickly fall back into the old habits and break those resolutions. Me, I am resolving to write more Metasploit modules. You see, back in October, Rapid7 publicly (