Announcing Tactical Sec Ops: Cloud Edition Online
2016 is shaping up to be an interesting and exciting time at Secure Ideas. We have always done training in one form or another. Many of you may have...
Posts
Red Teaming - Not What You May Have Thought
Lately, I’ve been doing a lot of reading on some less technical topics and I ran across “Red Team: How to Succeed By Thinking Like the Enemy”...
Reading (Slogging) Through the 2015 Verizon DBIR
When the first data breach investigations report was released by Verizon in 2008, I remember thinking how awesome it was to get some actual data...
All Your Base Are Belong to #HeartBleed - OpenSSL Heartbeat Overflow
What You Need to Know and Do About It Unless you’ve been hiding under a rock, I’m sure you have heard about the overflow vulnerability in OpenSSL’s...
Professionally Evil Speaking: Two Free Events in Salt Lake City, UT and Ogden, UT
These are a couple of local events for all you folks in the Salt Lake City, Ogden and Provo areas. Kevin Johnson will be speaking at two events on...
Xbox One - Network Scans and Traffic Analysis
This week we are returning back to our analysis of the Xbox One and checking out some of the data we gathered during the last post. I know some...
Webcast: Defending Against Web App Attacks Using ModSecurity
Later this month I will be presenting a free webcast on ModSecurity and how we can make better use of it. This is going to be very close to the...
Xbox One - Capturing the Configuration Traffic
One of the fun things about working at Secure Ideas are the conversations that we have about different technologies and platforms. One of my...
MIRcon 2013 - Analyzing Web Attacks with ModSecurity
Last week I was able speak at MIRcon 2013 about how to use ModSecurity to discover attack activity and defend your environment. The presentation...
Analyzing Web App Attacks Using ModSecurity at MIRcon 2013
I’m extremely excited to announce that I will be speaking at MIRcon2013 on ModSecurity! The presentation’s goal is to help systems administrators,...
Professionally Evil Toolkit - BozoCrack
This week I’ve been teaching a class on web app security for developers and I remembered a fun little script that I thought I’d share here. That...
Why Do Phishing As Part of Security Testing
I was recently watching a web cast on incident response and found myself thinking about the cause of the example incident. It was yet another...