Vulnerability Assessment Versus a Penetration Test

The question of whether to do a vulnerability assessment versus a penetration test will probably come up as you look at your security testing plans.  Some folks have a strong preference of one over the other, but both are valid if used appropriately and in the right situation.  Deciding which to use is pretty straight forward.  Let’s just jump into it. Vulnerability Assessment … Read More

Prepare Your Security Testing Program

Most of us would agree that planning ahead beats reacting to developing and unexpected situations.  The nice thing about security testing is that it isn’t hard to plan for.  Even if you aren’t able to schedule a test right now, you can start preparing for when one is needed.  Let’s take a look at a few things you can do right … Read More

Security Testing Blog Post and Video Series

Planning for Security Testing Security testing is critical component of a security program and needs to be done on a regular basis.  However, I’ve noticed that how companies use security testing varies wildly.  Some companies have their testing integrated into their plans for the year.  Their tests are scheduled in advance and they know what needs to be focused on. … Read More

Penetration Testing Services Now Available!

I’m very excited to announce that Paladin Security is now offering penetration testing as part of our services!  For the last 5 years I have been working full time as a penetration tester and consultant at Secure Ideas.  Being a part of this incredibly talented team was exciting and a bit humbling at times.  However, it was time for a … Read More

Penetration Testing Tools and Equipment

Getting started with penetration testing Penetration testing is often looked on as an elite set of skills that only a few can learn.  It’s also thought that expensive equipment and tools are needed to perform a penetration test.  You may think that you can’t get started in it because you don’t have the money to buy the required gear.  It’s not … Read More

The Challenges of Learning Something New

The last six months have been very interesting as I’ve grappled with some ambitious goals and learning some very new skills.  Around October of last year I decided to give online training a try and what a ride it has been.  I’ve had good technical skills for quite a while and I’ve been a professional trainer.  I had already written … Read More

Giving Back and Good Karma

“No man who continues to add something to the material, intellectual and moral well-being of the place in which he lives is left long without proper reward.” Booker T. Washington I know this is primarily a technology related blog, but lately I’ve been thinking about some of the influences and turning points in my life.  I’ve always known that I … Read More

Looking for Malicious PHP Files

I’ve been digging through some PHP files that are trying very hard to hide what they are doing. Basically, the PHP code is base64 encoded and then compressed. The blob of random text is then stuffed into a PHP file which calls eval(gzinflate(base64_decode(“BLOB OF TEXT”))); to decode it and execute it on the web server. While it obscures what the … Read More

Metasploit Breaks into SkyNet!

Metasploit has successfully broken into Skynet thanks to Comodo, RSA, MySQL and Stuxnet! Here is the output from msfconsole after updating today. Rock on guys.

Desktop Blog Editors

I’ve been grumbling to myself about writing blog posts using the web interface in WordPress for quite some time, but I’ve never really done much about it.  Today I spent some time chatting with David Pratt, a colleague of mine, about our blogs.  David runs the Data Management Wonk blog and I liked how his blog posts look when they … Read More