My Reading Cycle
I don’t read a lot, but over the last few years I’ve developed a book choice cycle that works really well for me. It helps me finish challenging books that I want to read for de...
Developing Tools for Professional Hackers
Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemb...
Finding Your Inner Evildoer (4/4): An Evil Streak
We’ve made it to the last part of my four-part series on what makes a great security tester or hacker. Even though this fourth piece is what I consider to be the most important ...
Finding Your Inner Evildoer (3/4): A Good Imagination
In my previous posts I talked about an overview of what makes a great security tester, and in depth about what it means to have complete knowledge of the system. If you hav...
When to Rebuild Your Process from Scratch
A few months ago I had the opportunity to rebuild the way we operate the services branch of our company. If you’re not familiar with my background I lead a team of the security ...
Finding Your Inner Evildoer (2/4): Complete Knowledge of the System
In the previous post I described an overview of the three traits I look for in great security testers: Complete Knowledge of the System, A Good Imagination, and An Evil Streak. ...
Finding Your Inner Evildoer: Part 1
As a Security Tester, or hacker, I have one of the most exciting and creative jobs in the industry. We are asked to find as many critical security vulnerabilities in complex sof...
CISCO Password Revealer
I haven’t had much luck with any CISCO clients on the Mac. Inevitably clients will send me CISCO profile configurations that I can’t easily use on my Mac. I went searching for...
Which is More Secure: Windows or Linux?
Somebody on LinkedIn asked the above question to a group I’m part of. I decided to answer it thinking “Oh, I can chime in with a quick little answer”, but the more I wrote the m...
The High Cost of an Application Security Data Breach
In the wake of the Sony Security Breaches (breaches, you say? As in plural? Yes, read on for more information) I decided to update some of our instructor led training slide deck...