We Can't Rely on the Browser for Protection
A large part of doing security consulting is providing proper mitigations and recommendations to ...
Continue Reading
Burp Extension for F5 Cookie Detection
This past February, my fellow colleague James Jardine wrote an excellent blog post called "Decoding ...
Continue Reading
Your Passwords Were Stolen: What's Your Plan?
If you have been glancing at many news stories this year, you have certainly seen the large number ...
Continue Reading
Using a Throwing Star to Capture Packets
Mobile applications are a hot commodity these days. It seems like everyone and their brother/sister ...
Continue Reading
Brute Forcing the Change Password Feature
As a penetration tester, brute force attacks are something I test for on every application. ...
Continue Reading
GSA Database May Have Leaked Information: Kevin Johnson was Interviewed
Recently it was announced that there was a security flaw found in one of the GSA systems that could ...
Continue Reading
Podcast Show Notes: Why are Passwords so Difficult
Kevin and James just finished up recording episode 2 of the Professionally Evil Perspective ...
Continue Reading
The Watering Hole: Is it Safe to Drink?
How many times have you been told you have a vulnerability that you just don't understand its ...
Continue Reading
Admin Consoles, Default Creds, and Sweet Pwnage
When performing internal network penetration tests, one thing that really gets us excited is ...
Continue Reading
Decoding F5 Cookie
As a penetration tester, there are many different things you come across while performing a test. ...
Continue Reading
Grab a CORS Light
Many of you already know that any cross-site HTTP requests invoked from scripts running within a ...
Continue Reading