terminal23.net
building a pen testing lab – questions and concerns – terminal23.net
http://www.terminal23.net/2016/10/27/building-a-pen-testing-lab-questions-and-concerns
Ghosts in the wire (or rock out with your hack out). Building a pen testing lab – questions and concerns. October 27, 2016. October 27, 2016. It’s been years since I had a working lab at home, and I’m finding myself ready to build a new one. Building and maintaining your security lab is less about being a security expert and more about wearing your Systems Administrator hat. Maybe even your shiny new devops hat! The second easiest route is to forage. Even just having a few extra workstation-class systems...
terminal23.net
10 gadgets every hacker should have according to eset – terminal23.net
http://www.terminal23.net/2016/10/31/10-gadgets-every-hacker-should-have-according-to-eset
Ghosts in the wire (or rock out with your hack out). 10 gadgets every hacker should have according to eset. October 31, 2016. I am usually snarky about lists, yet I can’t help but love this list from ESET’s WeLiveSecurity site, 10 gadgets every white hat hacker needs in their toolkit. I am actually woefully behind on this list, and need to fix that! Is there anything amiss with this list? And it does underline an often missed part of corporate security: do physical walk-thrus to check for rogue hardware!
terminal23.net
putting money back into myself – 1-3 year plan – terminal23.net
http://www.terminal23.net/2016/11/12/putting-money-back-into-myself-1-3-year-plan
Ghosts in the wire (or rock out with your hack out). Putting money back into myself – 1-3 year plan. November 12, 2016. Now that I’ve gently pivoted my career, I have a chance to identify and work on some of my knowledge gaps and desires over the next couple years. This is. PWK/OSCP from Offensive Security –. Not prohibitively expensive, well-regarded, satisfying, self-paced study and a cert to show for it after. CTP/OSCE from Offensive Security –. Linux – local class? There are plenty of other accessibl...
terminal23.net
security warrior 2.0 by kim jones – terminal23.net
http://www.terminal23.net/2017/01/30/security-warrior-2-0-by-kim-jones
Ghosts in the wire (or rock out with your hack out). Security warrior 2.0 by kim jones. January 30, 2017. Kim Jones recently had a wonderful article talking about Building Security Warrior 2.0. I really liked his points and bullet items. I don’t think this is the whole answer, but it’s a very good one. 1 Defense Alone Is Not Enough. 2 Security Is An Interdisciplinary Problem. 3 We Need To Bring Back Critical Thinking. 4 You Do Not Have The Option Not To Communicate.
terminal23.net
paypal 2fa bypass by henry hoggard – terminal23.net
http://www.terminal23.net/2016/10/26/paypal-2fa-bypass-by-henry-hoggard
Ghosts in the wire (or rock out with your hack out). Paypal 2fa bypass by henry hoggard. October 26, 2016. On October 22, 2016, a two-factor authentication bypass against PayPal. And if PayPal makes these mistakes, so does most everyone!
terminal23.net
forming questions to ask endpoint security vendors – terminal23.net
http://www.terminal23.net/2016/10/26/forming-questions-to-ask-endpoint-security-vendors
Ghosts in the wire (or rock out with your hack out). Forming questions to ask endpoint security vendors. October 26, 2016. I wonder how often a vendor calls competing vendors to try and get sales pitches, calls, and demos out of The Other Team? Probably less often than I’d like to think. I imagine they have enough work to do without resorting to filling time with some casual spying. Anyway, DarkReading has posted this article, “20 Endpoint Security Questions You Never Thought to Ask”. To be fair, this li...
terminal23.net
quick wins on your next pen test from red team security – terminal23.net
http://www.terminal23.net/2016/10/10/quick-wins-on-your-next-pen-test-from-red-team-security
Ghosts in the wire (or rock out with your hack out). Quick wins on your next pen test from red team security. October 10, 2016. I really wanted to add more to this list of “5 Quick Wins On Your Next Penetration Test” post by Red Team Security Consulting. First, issue a round of security awareness education to your employees. Remind them about phishing attacks, tailgating through locked doors, and reporting general “weirdness” on a server. Server is crashing or slow for no reason?
terminal23.net
security job areas – terminal23.net
http://www.terminal23.net/2016/10/12/security-job-areas
Ghosts in the wire (or rock out with your hack out). October 12, 2016. November 18, 2016. Penetration Testing and Vulnerability Assessment (system, network, web, application, cloud, mobile, physical). Incident Response, Malware Analyst. Forensics (memory, disk, network, mobile). Risk and Compliance Analysts. Architect, Policy, and Design. Security Researcher (reversing, exploit dev). Security Operations Engineer, Security Manager/Analyst (network, identity, application). Management (CISO, Manager). There...
terminal23.net
the job of information security and the most important quality – terminal23.net
http://www.terminal23.net/2016/10/10/the-job-of-information-security-and-the-most-important-quality
Ghosts in the wire (or rock out with your hack out). The job of information security and the most important quality. October 10, 2016. October 10, 2016. You don’t need security without the insecurity, and as such security will always be behind the curve. Integrity isn’t surprising as an important quality in security, as it is also an important quality for life in general. Security also has to know how to handle people, as they are always the weakest link that need to be educated and incentivized (I prefe...
terminal23.net
it is still not time for pci dss to die – terminal23.net
http://www.terminal23.net/2017/02/12/it-is-still-not-time-for-pci-dss-to-die
Ghosts in the wire (or rock out with your hack out). It is still not time for pci dss to die. February 12, 2017. Just like every breach, I’d love the full, un-redacted story from infection to discovery so I can gauge how truly impressed I may or may not be.). One comment I noticed was asking if it’s time to ditch the useless PCI framework and get back to real security? That’s a good question, and an easy answer for any company that is already enlightened about digital security. Third, some of these check...