I am very proud! Last week, Magnus Holst and me established a new company, River Security. Check out our mission and services here: https://riversecurity.eu
Docker for Information Security Professionals
I just did a webcast on this topic. It has slides and examples on how to utilize Docker for security related work. I hope you enjoy!
YouTube video release – Fuzzing for vulnerabilities
Fuzzing and figuring out where vulnerabilities might be is an essential skill for anyone looking to discover vulnerabilities.
YouTube video release – Breaking ECB Crypto (No programming)
Cryptography is not always deployed in a secure manner. When user controlled input is provided to a server and the server encrypts the data, outputting the results back to the user, it might be used as an oracle to learn which plain-text provide which encrypted data. This weakness is often present in Electronic Code Book […]
Creating reserved file names and Alternate Data Streams
I created a Youtube video to prove how to create reserved file names using the \\.\ prefix in the command line. Also I show how to append ADS to facilitate hiding and other interesting stuff.
Security Misconceptions 2020
Yesterday I did a SANS @Mic talk where I presented on common security misconceptions. The talk discovers many pits and fallacies we make while consulting ourselves and others within information security. I hope it’s interesting! You can find it here:
Youtube Series – Bookshelf review
A series on the books on my bookshelf has been completed. You can find all the videos here: https://www.youtube.com/playlist?list=PLag7W-lJE2Aw4m1754iJd3tQlgnr4eAeQ
Youtube Series – Web Hacking
I’ve got 27 videos on how to work with web hacking, working through the popular wargame OverTheWire.org, specifically the game called Natas. Check out my videos here: https://www.youtube.com/playlist?list=PLag7W-lJE2Aw8hzezQl17ZlE6CfNS3nYu
Gmail alert on senders who might be trying to phish you
I noticed a great new alert today on my GMail account. Previously I’ve received emails from David Cohen on his business email, however he suddenly sent me an email from his private email address. This sparked Gmail to give me an alert, saying that this individual might be pretending to be someone they’re not. Pretty […]
Netcat backdoor without -e and mimicking Netcat with bash
Netcat backdoor without -e (execute option) Netcat is installed by default on a lot of Linux systems, however we are seeing more and more Netcat’s are compiled without the -e option. The -e options allows us to execute and serve an executable over the connecting socket. It is incredibly handy feature, both for controlling an executable over a network connection, […]