Category Archives: Spylogic News

Free Webcast April 10th: Learn about APTs, Business Process Hacking and Breaking into a Casino!

Filed under Penetration Testing, Spylogic News
Tagged as ,

On Tuesday April 10th at 12pm EST, 9am PST, 5pm GMT I’ll be presenting “5 Lessons Learned From Breaking In: Confessions of a Pentester & Other Stories” during a free webinar.  I’ll be talking about the five most common ways my team and I break into companies that you would think are highly secured such as energy companies and casinos.  I’ll be joined by Richard Stiennon and Kevin Henry who will be discussing business process hacking and APTs.  When you register you will get entered to win a full version of Netsparker Web Application Scanner (retail value of $5,950).  Register for free here. Reloaded

Filed under Spylogic News
Tagged as , , , ,

You may have noticed something strange about my blog.  Clean, smooth, fast, different…these are all things that describe the look and feel of the new blog (hopefully).  What happened?  Well for starters I was fed up with the basic features of Nucleus CMS.  While Nucleus was a very stable and reliable (read: low on the blog hacking list), it’s about ten years behind in blogging technology.  No built in post tagging, no WYSIWYG editor, link lists that had to be edited in php, etc…I picked WordPress to upgrade to because it’s really the most user friendly and has some really great features and plugins.  Yeah, it’s a target for vulnerabilities but I’m willing to live with that as long as I have a blog that’s easy to maintain and can help me save time when posting/editing things.

The adventure of blog migration to WordPress
I started the transition from Nucleus CMS to WordPress early last week…of course thinking this would be an easy migration.  Ummm, no.  It was pretty painful actually.  You see, WordPress doesn’t have a official migration path from Nucleus CMS.  So I had to rely on the advice of others in the WordPress community that had done the same upgrade in the past.  Of course there were a bunch of different ways to do this so I basically took a few of the migration scripts that a few others have written, hacked them up even more and tested.  Testing took about a week…it really sucked.  I had to install version 2.1 of WordPress to use a certain migration script that I didn’t feel like recoding to get to work with 2.8.1.  Of course my categories and images were FUBAR so there was another script I had to write to fix that.  BUT, the biggest issue was how Nucleus handles URL’s for blog posts.  The problem was that I had lots of links out there in Google and other places pointing to blog posts.  In Nucleus my post links were like this:

WordPress links are something like this:

So your probably thinking that I can just make my links in WordPress match the Nucleus links?  Nope.  WordPress renumbered all my posts out of order and writing another script to re-number 400+ posts wasn’t in my plan.  So…mod_rewrite and php scripting to the rescue!  I must say, I haven’t had a situation yet where I had to manipulate URL’s on a website yet but now that I did…mod_rewrite is awesome and it was a great learning experience.  I won’t go into gory detail but in a nutshell I used a SQL query to map my old numbered posts from the nucleus posts table to the WordPress style URL naming…by date so they match up.  I then took that query output and put it into a php script.  The php script is referenced in my .htaccess file that contains the RewriteRules.  So…when someone clicks on the old style Nucleus links the script maps it to the new links.  Cool.  If you want to see all of the code I followed the guide that another blogger posted about his migration but made my own modifications and did a few things different then his code did…but you should get the general idea.

What changes?
So besides the blogging platform other things I decided to do was a new logo/header that @JaneDeLay created for me (she rocks!) and I decided to include more of my other publications, articles and such in separate pages.  I also put a speaking page where you can find out where I’m speaking at and also a list of past talks (something a few of you have wanted to know).  RSS feeds are still through FeedBurner so you don’t have to update your feeds.  Lastly, I decided to move the majority of my social media security research to another site altogether.  This site is focused on social media security and will have guides, videos, presentations and research from not only myself but others.  I’m planning on launching the site at DEFCON 17 at my talk or right before it.  It’s been difficult blogging about anything lately because of my crazy work/home/life schedule so hopefully the new site will bring some focus back into blogging and about other things besides social media. 🙂 I’ll probably mention some of the content from the new site on this blog if it seems relevant.

Anyway, let me know if you have any feedback on the new site (there might be a few bugs still) and thanks for reading my blog!

Where is Tom?

Filed under Spylogic News
Tagged as ,’s been really crazy as of late. Sorry for the lack of blog posts but this is “the” busy month of the year for me! Here is what I have going on:

October 11th Ohio LinuxFest
Security Justice will be podcasting live from the Ohio LinuxFest! Dave and myself will be there hanging out with the folks from Notacon and others. If you are there…stop by, say hi and pick up some Security Justice stickers!

October 15th NEO InfoSec Forum
I will be giving a talk on “Information Gathering with Maltego” at the NEO InfoSec Forum. Join us after the meeting at Mavis Winkles for beer and the live recording of the Security Justice podcast.

October 30-31st Ohio Information Security Summit
There are several things that I am doing at this year’s local security summit:

I will be participating in a panel discussion at 2:20pm on October 30th, “Social Networks – Acceptance and Mitigation of Risk in Today’s Workplace”. Later that evening at 6pm I am leading a birds of a feather session entitled “Security & Privacy of Social Networks”. At this session I will be releasing my Facebook Privacy and Security Guide at the session. Look for a blog post about this project soon.

Finally, on October 31st I will be doing a talk entitled “Penetration Testing 2.0: Corporate Tiger Team” at 1:30pm.

If you are local or in the surrounding Ohio area be sure to check out the Information Security Summit. It’s well organized and is only $250 for two full days of talks!

Oh, and if that wasn’t keeping me busy enough…I am working on another Security Justice special edition with another very special guest to take place some time in October. More details soon.

I’ll hopefully get a few posts up in the next few days…I have a few in the “queue” almost ready to launch. 🙂 Back to work for me and thanks for reading!