Windows 10 Spying – Reddit Repost

For those of you who are moving to Windows 10, this Reddit post has a lot of great information on how to disable some of the Windows 10 telemetry/nannyware features, and on tools that help: Stopping Windows 10 from Spying? (r/privacy)

RTSP_Discover: Quick and dirty RTSP protocol discovery

In some security testing work, I recently needed to validate TCP port 554 services that were active on the systems. Of course, as you know, that is the default port on which the RTSP protocol usually resides, and it is what Nmap and other tools report it as. As you may or may not know, RTSP is […]

Burp-isms: “Received Fatal Alert”

So you received the dreaded Portswigger Burp “Fatal Alert”?? Mooo hah hah ha… Yes I have too. In fact with more recent versions of Burp “.25” on, I have found many annoying SSL failures that have lost a lot of time on projects. NOTE TO Portswigger: Stop with the SSL games. Fix your product so […]


FLACK – A Practical Approach To Application Logging For Security

Introduction

Modern development practices have minimized application logging in production environments. Many factors have contributed to this, including:

- Rapid prototype-to-development practices that ignore adding practical production logging.
- A myopic focus on optimized, resource-minimal code that considers logging a burden.
- Comment-less, log-less development styles that focus on pumping out code, not errata.

Regardless of […]

Coding for Security – Some Developer Pitfalls

Over the next few weeks, I will be releasing some teaser information from my talk, “Secure Coding: What “Bad Guy” Wants You To Do”. It's a one-hour talk I am available to give to any organization. Please contact me to book a time. Background… This talk takes a less traditional approach to talking about secure […]

Privacy Alert: Tails is no longer secure

Quick privacy alert… Tails, a privacy platform recommended by Bad Guy Fu in the past, should no longer be considered secure or private. It is better than nothing, but a recent set of findings from the team over at The Palinopsia Blog has uncovered weaknesses in the virtual machine platforms that can lead to information leakage […]

Good technical article on the hazards of HID (Human Interface Devices)

Below is a link to a good (technical) article on some of the new nefarious things one can do using HID (Human Interface Device) vectors. For those of you non-technical (and maybe even a few technical) types, gone are the days when USB and other storage media drives were the “hack” of the day. […]

SSRF Cheat Sheet

OnSec has provided us with a great explanation, mini tutorial and cheat sheet for SSRF. As you know, SSRF stands for server-side request forgery, which means an attacker induces the application server itself to issue requests to a destination the attacker chooses, typically internal hosts, cloud metadata services or other targets that are unreachable from outside. These attacks can be multidimensional and extremely vicious. Read more here… SSRF Cheat Sheet
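The usual defence against SSRF is to vet the destination before the server fetches it, and to vet what the destination actually resolves to rather than what it looks like. The following is an added example written for this page (it is not code from OnSec's cheat sheet or from this site): a URL vetting routine that rejects non-HTTP schemes, userinfo tricks, non-standard ports, IP literals in private/loopback/link-local ranges (including IPv4-mapped IPv6), and hostnames for which any DNS answer is non-public. The blocked ranges and the `FAKE_DNS` answers are constructed for the demonstration; the resolver is injectable so the demo runs offline.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit

# Address ranges a server-side fetcher should never reach.
# Example policy for this demo; extend it for your own network.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "240.0.0.0/4", "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def fetch_unsafe(url):
    # VULNERABLE: whatever the client supplies is fetched from the server's
    # network position (file://, internal hosts, 169.254.169.254, ...).
    return urllib.request.urlopen(url).read()


def is_public_address(addr):
    """True only for an address outside every blocked range.
    IPv4-mapped IPv6 (::ffff:10.0.0.1) is unwrapped so it cannot bypass the v4 rules."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not any(ip in net for net in BLOCKED_NETS)


def resolve_all(host):
    """Every A/AAAA answer for host, so a mixed public/private reply is caught."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def vet_url(url, resolver=resolve_all):
    """Decide whether the server may fetch url.
    Returns (allowed, reason, addresses); a hardened fetcher should connect to
    one of the returned addresses rather than resolve the name a second time."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL", []
    host = parts.hostname
    if not host:
        return False, "no host", []
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "bad port", []
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", []
    # IP literals are checked directly; names are resolved and EVERY answer checked.
    try:
        ipaddress.ip_address(host)
        addrs = [host]
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        return False, "unresolvable host", []
    bad = [a for a in addrs if not is_public_address(a)]
    if bad:
        return False, f"resolves to non-public address {bad[0]}", addrs
    return True, "ok", addrs


# Constructed DNS answers (not real records) so the demo runs offline.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.corp": ["10.0.0.5"],
    "rebind.attacker": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback answer
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("http://example.com/", "http://intranet.corp/", "http://rebind.attacker/",
              "http://169.254.169.254/latest/meta-data/", "http://[::ffff:10.0.0.1]/",
              "file:///etc/passwd", "http://example.com@intranet.corp/", "http://example.com:8080/"):
        print(u, "->", vet_url(u, fake_resolve)[:2])
```

Two caveats worth keeping in mind when wiring this into a real fetcher: disable automatic redirects and re-run `vet_url` on every redirect target, and connect to the address that was vetted (passing the original hostname as the Host header and TLS server name) so that a DNS rebinding between check and use cannot swap in an internal address.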

RTSP Brute Forcing for fun and naked pictures?

RTSP… Real Time Streaming Protocol… is a protocol largely ignored these days. Once the infrastructure relied upon in the early days of multimedia (video), and developed by RealNetworks, Netscape and Columbia University (RFC 2326), RTSP resides largely in the background of the common protocols we pay attention to as InfoSec professionals these days. Typically found on port 554, RTSP is still a […]
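Both the RTSP discovery post above and this one come down to the same two questions about a port 554 listener: is it really speaking RTSP, and does it demand credentials before it will describe a stream? The following is an added example written for this page, not the tool from either post: it sends an RTSP OPTIONS request (to confirm the protocol and learn the advertised methods and Server banner) and then a DESCRIBE request (a 401 with a WWW-Authenticate header tells you whether Basic or Digest credentials are required, which is what decides how any subsequent password guessing has to be done). The transport is injectable; the `CANNED` replies and the hostnames in the demo are constructed, not captured from a real device.

```python
import socket

RTSP_PORT = 554


def build_request(method, url, cseq, extra_headers=None):
    """Serialise a minimal RTSP/1.0 request; CSeq is mandatory on every request."""
    lines = [f"{method} {url} RTSP/1.0", f"CSeq: {cseq}", "User-Agent: rtsp-probe-example"]
    for name, value in (extra_headers or {}).items():
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Parse the status line and headers of an RTSP reply.
    Returns (status, reason, headers) with lower-cased header names, or None
    if the bytes are not an RTSP status line (e.g. an HTTP server on 554)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/"):
        return None
    try:
        status = int(parts[1])
    except ValueError:
        return None
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, reason, headers


def _tcp_exchange(host, port, request, timeout):
    """One request, one reply (headers only) over a fresh TCP connection."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        buf = b""
        while b"\r\n\r\n" not in buf and len(buf) < 65536:
            try:
                chunk = sock.recv(4096)
            except socket.timeout:
                break
            if not chunk:
                break
            buf += chunk
        return buf


def probe(host, port=RTSP_PORT, path="/", transport=None, timeout=5.0):
    """Identify an RTSP service and whether DESCRIBE requires authentication.
    transport(request_bytes) -> reply_bytes; defaults to a real TCP exchange."""
    url = f"rtsp://{host}:{port}{path}"
    if transport is None:
        transport = lambda req: _tcp_exchange(host, port, req, timeout)
    result = {"rtsp": False, "server": None, "methods": [], "describe_status": None, "auth": None}

    resp = parse_response(transport(build_request("OPTIONS", url, 1)))
    if resp is None:
        return result  # not RTSP: leave rtsp=False and stop
    _, _, hdrs = resp
    result["rtsp"] = True
    result["server"] = hdrs.get("server")
    if "public" in hdrs:
        result["methods"] = [m.strip() for m in hdrs["public"].split(",")]

    resp = parse_response(transport(build_request("DESCRIBE", url, 2, {"Accept": "application/sdp"})))
    if resp is not None:
        status, _, hdrs = resp
        result["describe_status"] = status
        if status == 401:
            # First token of WWW-Authenticate is the scheme: "Basic" or "Digest".
            result["auth"] = hdrs.get("www-authenticate", "").split(" ", 1)[0] or "unknown"
    return result


# Constructed replies (not captured from a real camera) so the demo runs offline.
CANNED = {
    b"OPTIONS": b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nServer: ExampleCam/1.0\r\n"
                b"Public: OPTIONS, DESCRIBE, SETUP, PLAY, TEARDOWN\r\n\r\n",
    b"DESCRIBE": b"RTSP/1.0 401 Unauthorized\r\nCSeq: 2\r\n"
                 b'WWW-Authenticate: Digest realm="ExampleCam", nonce="0123456789abcdef"\r\n\r\n',
}


def fake_transport(request):
    return CANNED[request.split(b" ", 1)[0]]


if __name__ == "__main__":
    print(probe("192.0.2.10", transport=fake_transport))          # constructed target
    print(probe("192.0.2.11", transport=lambda r: b"HTTP/1.1 400 Bad Request\r\n\r\n"))
```

Against a real host, call `probe(ip)` with no transport argument; a `None` result for `describe_status` means the server answered OPTIONS but dropped or timed out on DESCRIBE, which some devices do until a stream path is supplied, so try a vendor-specific path instead of `/` before concluding anything.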