Who ever said “work smarter, not harder” obviously had a Shodan account.  This is a little story of how I managed to run a relatively simple audit against the company I work for in under 15 minutes.  Again, if you haven’t read my blog post on the basics of Shodan, I would highly recommend giving […]

Considering the massive response I got from the last post about Shodan, I figured I should do a follow up.  Thank you to all who re-tweeted the link, and a big shout out to John Matherly, founder of Shodan, for the publicity.  Bro of the year.  If you haven’t read through my last post, I […]

So let me tell you about a little thing called Shodan.  To put it simply, this terrifyingly beautiful website is a search engine for the Internet of Things.  It’s powerful, thorough, and just downright fun to play with.  Shodan will take your search and discover all devices connected to the internet related to the query. […]

I know how hard it is for recent college graduates to snag that first big interview, so a big congratulations to you. That’s the first step to entering the cyber security profession.  I also know how intimidating it can be trying to prepare for it.  I figured I’d share some of the experiences I’ve had […]

Buckle up, this is going to be quite the ride.  Burp Suite is a web application penetration tester’s bread and butter, a powerful suite of tools that covers everything you could ever want, need, or dream.  I’ll do my absolute best to cover everything in depth, but there’s quite a bit. Here’s a quick list […]

I apologize ahead of time if I start to ramble through this post.  Script injections are major vulnerability in web applications due to the variety of attacks that can result from one injection point and there’s a lot we can talk about.  If we take a look at the Verizon Data Breach Investigation Report, we […]

I recently covered a few sections from the Verizon Data Breach Investigations Report (take a look if you haven’t already).  I also mentioned another one of my favorites, the WhiteHat Security Website Security Statistics Report.  This report gives an insightful overview of a constantly evolving and frequently targeted attack vector, web applications.  Ignoring my strong […]

For those of you who are new to the topic, multi-factor authentication is a security system that requires more than one method of authentication from different categories in order to verify the identity of a user.  MFA is becoming increasingly popular (if not necessary), especially when looking at the data presented in the Verizon Data […]

At this point, I think it’s a relatively well known fact that passwords should be hashed in storage.  If you or your development teams are storing passwords in plain text, the keys to every user’s kingdom are sitting there begging to be stolen.  Really, all it takes is one little SQL injection to expose every user’s password […]

I remember during my senior year of college the struggle and confusion surrounding where to start my career.  Luckily, I had a very helpful professor who gave me an overview of the different paths a security professional can take.  As I started my career, it became apparent that it wasn’t as simple as he explained. […]