Category Archives : Exploitation


Burp-isms: “Received Fatal Alert”

So you received the dreaded Portswigger Burp “Fatal Alert”?? Mooo hah hah ha… Yes I have too. In fact with more recent versions of Burp “.25” on, I have found many annoying SSL failures that have lost a lot of time on projects. NOTE TO Portswigger: Stop with the SSL games. Fix your product so […]

Coding for Security – Some Developer Pitfalls

Over the next few weeks, I will be releasing some teaser information from my talk, “Secure Coding: What “Bad Guy” Wants You To Do”. It's an hour talk I am available to give to any organization. Please contact me to book a time. Background… This talk takes a less traditional approach to talking about secure […]


Good technical article on the hazards of HID (Human Interface Devices)

Below is a link to a good (technical) article on some of the new nefarious things one can do by using HID (Human Interface Device) vectors. For those of you non-technical (and maybe even a few technical) types, gone are the days where USB and other storage media drives were the “hack” of the day. […]


RTSP Brute Forcing for fun and naked pictures?

RTSP… Real Time Streaming Protocol… is a protocol largely ignored these days. Once the infrastructure relied upon in the early days of multimedia (Video) and developed by RealNetworks, RTSP resides largely in the background of common protocols we pay attention to as InfoSec professionals these days. Typically found on port 554, RTSP is still a […]