Announcing Burp Co2!
This is for those of you who do web pen testing with Portswigger’s Burp proxy tool! Over the past couple of months I have been using my Java skills...
How to configure Android (Virtual) for Mobile PenTest
This post is about setting up an Android Virtual Machine (AVD) for a mobile application penetration test.
Cooking up Better Security Incident Communications
I am fond of meal kits. I enjoy the entire experience: the scrolling through delicious-looking meal descriptions, the excitement of receiving a...
Once upon a time there was a WebSocket
This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web...
Security Review of Nest Camera
I love tinkering with home automation and security solutions. The simplicity of turning on a light bulb with a voice command makes me giddy, and I...
Equifax Breach: Why I am not surprised
The Equifax breach, announced in September 2017, is said to potentially impact some 143 million Americans. At this point in time Equifax has not...
Are You Ready for Your Pen Test?
It is day three of a five-day penetration test engagement and we still don’t have all the information we need to proceed with the test. This...
Cloud-Base Host Discovery Is Easier Than You Think!
During a recent conversation at DerbyCon it occurred to me that some security folks who are just dipping their toes into AWS are struggling a lot...
Wireless Attacking EAP-TTLS with Kali 2 and ALFA AWUS051NH
Is your corporate wifi as secure as you think it is? A common configuration for WPA Enterprise wireless networks is to use a combination of PEAP...
Professionally Evil Insights: 2015
Are you interested in knowing which vulnerabilities are the most commonly discovered in penetration tests? How about which industries are doing the...
Five Outdated Security Excuses
The Security Industry as a whole has been known to criticize businesses large and small with respect to how they manage security. Why does it so...
Introducing Burp Correlator!
This one is for you web penetration testers! This new Burp extension is designed to help with efficiency when you are testing a complex application...