Tag Archives: pentest

Free Webcast April 10th: Learn about APTs, Business Process Hacking and Breaking into a Casino!

0
Filed under Penetration Testing, Spylogic News
Tagged as ,

On Tuesday April 10th at 12pm EST, 9am PST, 5pm GMT I’ll be presenting “5 Lessons Learned From Breaking In: Confessions of a Pentester & Other Stories” during a free webinar.  I’ll be talking about the five most common ways my team and I break into companies that you would think are highly secured such as energy companies and casinos.  I’ll be joined by Richard Stiennon and Kevin Henry who will be discussing business process hacking and APTs.  When you register you will get entered to win a full version of Netsparker Web Application Scanner (retail value of $5,950).  Register for free here.

 

Attacking & Defending Apple iOS Devices in the Enterprise Presentation Updates

0
Filed under Apple, Mobile Security
Tagged as , , , , , , ,

Below are links over on SlideShare to the latest version of my ever evolving presentation “Attacking & Defending Apple iOS Devices in the Enterprise”.  This is the version I presented at the SANS Mobile Device Security Summit a few weeks ago.  I include information on iOS 5, the latest jailbreaks at the time (this has since changed with the release of iOS 5.1) and some information on the security of iCloud.

Just a reminder that I’ll be presenting Smart Bombs: Mobile Vulnerability and Exploitation with John Sawyer and Kevin Johnson at OWASP AppSec DC on April 5th in Washington DC.  I’ll be focusing my research on iOS application testing and some of the vulnerabilities discovered in some of the top 25 iOS applications.

Don’t Drop the SOAP: Real World Web Service Testing for Web Hackers Presentation

2
Filed under Application Security, Penetration Testing, Web Services
Tagged as , , , , , , , , ,

Sorry for the long delay on posting the slides from the presentation that myself, Josh Abraham and Kevin Johnson did at Black Hat USA and DEF CON 19.  I’ve uploaded the slides from DEF CON to SlideShare (you can also download a copy there as well) and below are the links to the tools and white paper.  I’m currently in the process of working with OWASP to get the testing methodology put into the next version of the OWASP testing guide (v4).  If you have any comments or bug reports for the tools and vulnerable web services please let Josh and Kevin know, they would appreciate it!

Download the white paper.  Download Josh’s Metasploit modules.  Download Kevin’s vulnerable web services.