Hi All We have scheduled our first Developer course for April in Pretoria, should you know of anyone in your area that would like to attend. – Hacking by Numbers – Developer Edition (28-30th...
Way back when I was a sysadmin, I recall reading a quote from one of the ATT greybeards who said something to the effect of “every competent sysadmin should be able to build his own network card”....
A little while back I commented on Marcus Ranum's HiTB talk “Cyberwar is Bullshit!“. I ended the post with the words “Ranum is indeed much better than this..“. Ranum spoke recently at Source...
what? on April 1st???? Never!
The United States committee on Homeland Security’s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology recently held a hearing to determine if “the Payment Card Industry...
We’ve had a number of issues with reDuh and the various server versions published. Some clients worked with some versions of the server, and didn’t play nicely with others. I am happy to say that...
We have scheduled our next training course, Hacking By Numbers – Extended Edition (Bootcamp), for May 11-15th. The course runs for a full 5 days. Overview The HBN ‘Extended Edition’ is simply an...
Comments on the blog have been surprisingly quiet and we should have realised this when more and more people started having discussions with us via twitter or email (as opposed to simply saying...
We recently introduced some neat blizzards onto a PoC Broadview client. On the back of Conficker, our Broadview Dashboard sports a couple of instantly available blizzards that show: 1. How many...
After some queries regarding SPUD, I thought it would be a good idea to blog this reminder: * Spud can only be run as an administrative user. * Spud cannot be run by directly accessing the .exe....
With our recent release of BiDiBLAH 2.0, we’ve decided to revisit some real world scenarios, and ways BiDiBLAH can deal with it… Herewith, part 2. All the scenarios can be downloaded from the...
Part of the problem Microsoft bumped into with Vista, was hordes of people who had grown too attached to XP.. It seems they learnt their lesson (and found a cheap way to maintain backward...
Chris Eng over [at the Veracode blog] documents how he approached, and decoded the info behind the [2009 Verizon Data Breach Investigations Report ] It's an interesting read, and although in the...
[Zappos.com] is one of those companies people love to write about. They make headlines for their use of new media and their CEO (Tony Hsieh) is as .com legendary as one gets.. (he sold...
Yvette Du Toit (E&Y – UK/ZA) featured on the latest ITSecurity Pubcast and spoke about her role in CREST. SensePost were invited along, and I showed that while I have a face for radio, I do not...
At [DeepSec] last year I had the pleasure of hearing Ivan Krstić speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact...
In early 2002 I recall reading and falling in love with Jim Collins' book: “From good to Great“. I recall being so excited by some passages that I typed out whole paragraphs and sent them around to...
Rich Mogull (whose stuff I really quite dig) has launched an ‘Open Patch Management Survey’ via the SecurityMetrics blog. It's an interesting idea, and they plan to release both their analysis...
The first one from hacker news, aptly titled “How I Hacked Hacker News (with arc security advisory)” and the 2nd, a welcome-back-to-the-blogosphere-tptacek post on the matasano blog: [Typing The...
Ron Auger sent an email to the [WASC Mail list] on some fine work presented recently by Microsoft Research. The paper (and accompanying PPT), titled [Pretty-Bad-Proxy: An Overlooked Adversary in...
I really enjoy listening to Mac Break Weekly.. Leo Laporte is an excellent host and I would tune in just to hear [Andy Ihnatko’s] take on the industry and the (possible) motivations behind certain...
’cause there's some serious cloud computing competition on the horizon.. A google search for Cloud Provider returns the following paid ads.. Now I know conventional logic says it's a bad idea to...
We were invited to speak at the recent ISSA2009 conference in Joburg, a local mostly academic security conference and I decided to carry a message in addition to the regular demo-style talk with...
[updated: videos will be made available on this page] 140 slides in 75 minutes. They said it couldn’t be done… and they were right! (mostly) Regardless, our Vegas trip was as much fun as previous...
Our BH09/DC17 presentation relied heavily on videos for the demos, and they’ve been blogged separately. Links below (will be made active once the upload is complete): [slides] [SugarSync]...
[part 1 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal We wanted to demonstrate how access to cloud resources can bring certain attack classes within reach of...
[part 2 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The premise behind this video was that while we are migrating more and more services into the cloud, the...
[part 3 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal Our third video write-up covers abuse of cloud services. By signing up for free accounts, it is possible to...
[part 4 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal In the fourth installment of our BlackHat video series, we turned our attention to Amazon’s cloud platform...
[part 5 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Goal The final installment of our BlackHat video series showcases weaknesses in the password reset feature for...