Watch my latest presentation about vulnerability management, given at BSides Boston 2015: What is this talk about? Well, a robot, a ninja and a pirate get into a fight. The question is: who wins? While we can debate this question until the end of time, and likely have fun in the process, it’s a waste of […]
Derbycon 3.0 was an outstanding conference (hopefully more on that later). For now, check out the recorded video of my presentation: Special thanks to Adrian Crenshaw, AKA Irongeek, for recording and posting all of the Derbycon presentations. You can watch all of the presentations from this conference on this page (as they become available).
The OWASP Top Ten is an awareness document for web application security, representing broad consensus about the most critical web application security risks as determined by the OWASP community. The OWASP Top 10 is one of the earliest and longest-running OWASP projects, first published in 2003, with updates produced in 2004, 2007, […]
Firmware-Mod-Kit to make Malicious Firmware: The intent of this tech segment is really to show how insecure devices are, and how we need to be cautious when rooting, modifying or updating firmware. Where it all starts is a tool created by Craig Heffner and Jeremy Collake (download here). It allows you to take […]
A few weeks ago (Episode 329 https://securityweekly.com/wiki/index.php/Episode329#Tech_Segment:_Free_Amazon_Socks_Proxy_by_Allison) Allison gave a great segment on avoiding firewalls using port forwarding and a SOCKS proxy via SSH, with a server on port 443 running on a free Amazon AWS instance. Something struck me: 1) you could have a proxy block SSH traffic going over 443. 2) you could have an IDS detect […]
Our intern Patrick shows what he has learned about SQL injection and how to use PHP and MySQL to write a couple of different PHP web shells to a server’s file system. Tune in to Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our YouTube Channel or our Bliptv channel.
Here is our newest intern’s first project, presenting on Cross-Site Request Forgery. We apologize: the audio cuts out when the video cuts to the computer screen, but the text explanation is on the show notes page, linked below. Episode 315 Show Notes Tune in to Security Weekly TV, Hack Naked TV, and Hack Naked […]
Dr. Cole is a SANS instructor and author of several books including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. Plus he recently released Advanced Persistent Threat (drink!). Episode 314 Show Notes Episode 314 (mp3) Tune in to Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on […]
Tim Medin from Counter Hack Challenges joins the show to tell us about the Miser brothers and The Year Without a Santa Claus, and to explain the SANS Holiday Challenge 2012. Hack your way through five levels to warm up Snow Miser and cool down Heat Miser and get Santa back to work. Plus, Paul gets a […]
I’ll say up front, I love GISKismet for interpreting Kismet .netxml output for sending to Google Earth. However, I find that sending the .netxml output to SQLite3 also gives me plenty of options for reporting on issues as well! In many cases when I do assessments, I won’t have a GPS location available; I’m walking around […]