Payment Card Industry (PCI) – Recurring Requirements Require Attention!

April 28, 2020
There are certain items contained within the 12 PCI requirements that have to be performed based on defined frequencies. In my experience, companies sometimes struggle with adhering to some if not all of these items. There are a number of reasons that this might happen, whether it’s related to employee turnover, unfamiliarity with the items,...

Breaking Into InfoSec – A Beginners Guide (Part 2)

April 23, 2020
Opening In part one of this blog post series, we covered some personal backstory of my journey into InfoSec, went over putting a plan together for your next InfoSec mission, recommended some InfoSec immersion ideas, and provided some guidance around seeking out a mentor. If you haven’t had a chance to read the first part...

Breaking Into InfoSec – A Beginners Guide (Part 1)

April 21, 2020
Opening In this blog post, I will cover strategies that worked for me while transitioning out of the Air Force (over 20 years ago) having ZERO formalized IT training and ZERO on-the-job-training (OJT) in the field. Although this was a long time ago 🙂 and my path led to an IT position, the preparation and...

Prepare to Write A Scanner Plugin Before Your Next Platform Test!

April 16, 2020
BurpSuite is a remarkably extensible platform. While I have written a number of extensions for testing specific applications, as well as more general extensions, one type of extension I had never attempted before was creating my own BurpSuite Scanner plugin. Because modern applications are increasingly difficult to exhaustively test for certain types of issues, I...

Generating SSH Config Files with Ansible

April 14, 2020
If you like to stand up infrastructure in the cloud using Ansible (like we do), one of the pain points can be getting the new instance IP addresses configured in an SSH config file for easy connecting. This used to be a manual process, but generating these files as part of your playbook is straightforward...

Wanted: Process Command Lines

April 9, 2020
As a Red teamer, the key to not getting detected is to blend in. That means that if I need to spawn a new process on a host, it is important that it looks legitimate with command line parameters that look correct. Many system binaries have a set of parameters when they are executed. This...
  • Browse by Category

  • Clear Form