As many of you may know, I’ve been co-hosting the Shared Security Podcast (formally known as the Social Media Security Podcast) with my fabulous co-host Scott Wright from Security Perspectives Inc. We’ve been recording this podcast every month (mostly) since 2009 and over the years we’ve had feedback from many of our listeners that they’ve always …
Introducing the Shared Security Weekly Blaze Podcast Read More »
If you attended my talk “Using Technology to Defend Digital Privacy & Human Rights”, thank you! Here’s a list of supplemental material discussed during the presentation as well as where you can find out additional information about the topics covered. I’m happy to answer any questions that you might have via Twitter, Facebook or LinkedIn. …
Using Technology to Defend Digital Privacy & Human Rights – Presentation Notes Read More »
Each year my team conducts hundreds of Penetration Tests in a wide variety of industries, ranging from Healthcare to Retail, Finance to Manufacturing, and many more. The team analyzed data collected from each of our penetration tests at SecureState since 2011 and found common themes in the methods of compromise utilized to break into organizations and compromise …
Top 5 Attack Vectors Report: Defend It Before You Hack It Read More »
Just a quick update to let everyone know that I’ll be teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13th through the Community SANS program. This is a fantastic 6 day class with lots of hands-on exercises, sharing of my real world web app testing experiences and a Capture …
I’ll be at SANS 2013 in Orlando this weekend assisting Kevin Johnson with his SEC542: Web App Penetration Testing & Ethical Hacking class and giving two SANS@Night presentations: Social Zombies: Rise of the Mobile Dead w/Kevin Johnson – Monday, March 11th, 7:15pm – 8:15pm “Hall of Shame” Apps in the Apple App Store and Google Play – Wednesday, …
For the last several months I’ve been performing research on techniques attackers could use for performing accounting fraud in popular accounting systems. This research coincides with a whitepaper that SecureState has developed entitled “Cash is King: Who’s Wearing Your Crown?” To perform this research I have collaborated with a coworker of mine, Brett Kimmell, who is the …
Project Mayhem to be Unleashed at Black Hat Abu Dhabi Read More »
In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web based brute force attacks. First up are some techniques to use when conducting brute force attacks on websites …
Here are the slides from my recent webinar. Sorry about the delay! The Android vs. Apple iOS Security Showdown from Tom Eston
It’s not too late to register for my webinar on July 12th: Android vs. Apple iOS Security Showdown. I’ll be taking a entertaining look at the current security posture of both platforms. I’ll be battling the Apple App Store vs. Google Play, device updates, MDMs, developer controls, security features and the current slew of vulnerabilities for both …
Free Webinar July 12th: Android vs. Apple iOS Security Showdown Read More »
I’m proud to be teaching SANS Security 542 here in Cleveland through the SANS Mentor Program beginning in August. The SANS Mentor Program allows you to save thousands on your training budget and still experience live SANS training on the GWAPT classes – live training without traveling! COURSE DETAILS: Security 542: Web App Penetration Testing …
