Women in Information Security: Carrie Roberts

Last time, I spoke to Katherine Teitler. She’s the director of content for MISTI Training Institute. She also helps run the InfoSec World conference. This time, I spoke with Carrie Roberts. She has a senior red team role with Walmart. She’s also a pretty good cartoonist if I say so myself. Kimberly Crawley: Tell me […]

The post Women in Information Security: Carrie Roberts appeared first on The State of Security.

The post Women in Information Security: Carrie Roberts appeared first on Security Boulevard.

Smart Gun Beaten by Dumb Magnets

[Plore], a hacker with an interest in safe cracking, read a vehemently anti-smart-gun thread in 2015. With the words “Could you imagine what the guys at DEF CON could do with this?” [Plore] knew what he had to do: hack some smart guns. Watch the video below the break.

Armed with the Armatix IP1, [Plore] started with one of the oldest tricks in the book: an RF relay attack. The Armatix IP1 is designed to fire only when a corresponding watch is nearby, indicating that a trusted individual is the one holding the gun. However, by using a custom-built $20 …

OSINT & External Recon Pt. 1: Host Discovery – Tradecraft Security Weekly #8

During the reconnaissance phase of a penetration test, being able to discover the external assets of an organization is extremely important. It is also important to do so as stealthily as possible. Using open-source techniques and tools, it is possible to enumerate an organization's external assets without sending any data directly from your computer system […]

WordPress Vulnerability Discovery and Exploitation – Tradecraft Security Weekly #6

Over 27% of all websites globally run WordPress. This makes WordPress a very highly targeted piece of software. There are a number of different aspects to consider when attempting to discover vulnerabilities in WordPress. In this episode of Tradecraft S…

[SANS ISC] HTTP Headers… the Achilles’ heel of many applications

I published the following diary on isc.sans.org: “HTTP Headers… the Achilles’ heel of many applications”. When browsing a target web application, a pentester is looking for all “entry” or “injection” points present in the pages. Everybody knows that a static website with pure HTML code is less juicy compared to a

[The post [SANS ISC] HTTP Headers… the Achilles’ heel of many applications has been first published on /dev/random]
