Penetration Testing

Teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13

Just a quick update to let everyone know that I’ll be teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13th through the Community SANS program. This is a fantastic 6 day class with lots of hands-on exercises, sharing of my real world web app testing experiences and a Capture […]

Project Mayhem to be Unleashed at Black Hat Abu Dhabi

For the last several months I’ve been performing research on techniques attackers could use for performing accounting fraud in popular accounting systems. This research coincides with a whitepaper that SecureState has developed entitled “Cash is King: Who’s Wearing Your Crown?” To perform this research I have collaborated with a coworker of mine, Brett Kimmell, who is the

Burp Suite Series: Efficient use of Payload Options when Attacking HTTP Basic Authentication

In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web based brute force attacks. First up are some techniques to use when conducting brute force attacks on websites

Slides from my “5 Lessons Learned From Breaking Into A Casino” Webcast

For those of you that attended the webcast yesterday (and those who didn’t) I’ve uploaded my slides to my SlideShare page. Thanks to my co-presenters Richard Stiennon and Kevin Henry for presenting some great content with me! If you’re interested Richard has posted his slides to SlideShare as well. Five Lessons Learned From Breaking Into A

Free Webcast April 10th: Learn about APTs, Business Process Hacking and Breaking into a Casino!

On Tuesday April 10th at 12pm EST, 9am PST, 5pm GMT I’ll be presenting “5 Lessons Learned From Breaking In: Confessions of a Pentester & Other Stories” during a free webinar. I’ll be talking about the five most common ways my team and I break into companies that you would think are highly secured such

Smart Bombs: Mobile Vulnerability and Exploitation Presentation

This week I co-presented “Smart Bombs: Mobile Vulnerability and Exploitation” with John Sawyer and Kevin Johnson at OWASP AppSec DC. We talked about some of the current problems facing mobile applications such as flaws found in the OWASP Mobile Top 10 and various privacy issues. We also talked about how you go about testing

Don’t Drop the SOAP: Real World Web Service Testing for Web Hackers Presentation

Sorry for the long delay on posting the slides from the presentation that myself, Josh Abraham and Kevin Johnson did at Black Hat USA and DEF CON 19. I’ve uploaded the slides from DEF CON to SlideShare (you can also download a copy there as well) and below are the links to the tools and