In Georgia, State Bill 315 was introduced in 2018 to criminalize unauthorized computer access. In addition to the two page bill being overly vague and open to interpretation, unauthorized access was already criminalized by the Computer Fraud and Abuse Act (CFAA), a federal law. The bill was quickly passed by the House and Senate and, […]
Category: /dev/random
Your data is already stolen, now what?
I read an interesting article from Bruce Schnier today that was basically a commentary on an equally interesting article from Brian Krebs about the recently disclosed Marriott breach. I’ve linked both articles below but wanted to highlight a couple of key points. Accept that you are vulnerable (your data has been, and will continue to […]
The best place to get started on the red team?
The blue team.
The blue team.
One question that I get a lot, whether it’s from students, current or hopeful IT folks or just curious folks who wonder how one gets into this line of work, is “How do / can I get started hacking?” or “How do / can I get started on the red team?”. I’ve heard tons of […]
More than 591,000 systems in the US available via Remote Desktop with only a username and password
What is RDP? Remote Desktop Protocol, or RDP, is a tool that many organizations leverage to allow users to access systems remotely. It’s built into all modern versions of Windows, is easy to enable, typically uses the same username and password used to access other systems (laptop, desktop, email, etc.) and offers a full desktop […]
Vecrypt v1.19 released and fixes multiple low, medium and critical risk vulnerabilities
The open-source encryption software and successor to Truecrypt Veracrypt has been updated to v1.19 to address vulnerabilities discovered in a recently completed code audit. The update addresses all critical, medium and low-risk vulnerabilities and workarounds have been provided for those vulnerabilities not yet addressed. The audit was completed against Veracrypt v1.18 and was completed on […]
Vulnerability Assessment or Penetration Test, which do I need (and why)?
When I meet people and tell them what we do (I usually lead with ‘Offensive Security’, that seems to be a real conversation starter), the conversation almost always ends up going something like “What is a vulnerability assessment, what is a penetration test, do I need one and, if so, which one do I need?” […]
Hacking a penetration tester
I just finished reading this article titled “Hacking a Penetration Tester” and made a few notes that I thought may be helpful to pass along. The basic premise of the article is that the author (Wesley McGrew) and his team were conducting a penetration test and found a Meterpreter shell that had been left behind […]
Hiding in plain sight, how attackers use your network against you
We’ve all seen the movies and television shows where ‘hackers’ use elaborate tools to break into networks and, once in, use more elaborate tools to move around undetected doing whatever they set out to do. It’s true, there are some pretty cool tools out there (a few noted below) but, as this article at Threatpost […]
DEF CON 24 Workshop Schedule Live
DEF CON 24 is now less than 2 months away and the schedules are starting to finalize. Below is a link to the DC24 workshops and I’ll try to post the other schedules (villages, skytalks, etc.) as I catch them. https://defcon.org/html/defcon-24/dc-24-workshops.html
Happy Memorial Day
Memorial Day is the day set aside each year for us to give thanks to the men and women who have given their lives defending the freedom and way of life that we enjoy as Americans. On behalf of a grateful nation, we thank you and are eternally grateful. Photo Credit