iOS Secure Boot Chain Each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity and that proceed only after verifying the chain of trust.
A developer at work asked a general question to the group: “I’m thinking about using either LastPass or 1Password, anything I should know?” As the team’s newest “Security Guy”, I answered with this brief response:
Since my last post, I’ve left my position with the consultancy. I’m now working for a medium-sized corporation in a senior application security role. One of my many tasks is to contribute to the development of an Application Security program.
This morning, while I was trying to proxy traffic to this site in Burpsuite, I ran across an SSL handshake error. Googling the issue returned this helpful article that got me started on the right path.
I had the need to proxy traffic from Burpsuite to another proxy during web app testing this week. There are a few ways to do this, but this method was the easiest since I already had Burpsuite’s TLS certificate installed.
On a recent engagement I supported the lead by developing a PowerShell payload for a RubberDucky. The gist is that it will run a handful of standard Windows commands and then e-mail the results to a specified address.
Inspired by Jack Daniel’s “Shoulders of InfoSec Project”, this post will be focused on the people and technologies behind one of the most prevalent attacks on web sites: SQL injection.
Unfortunately, I didn’t arrive at the ballroom early enough to get seats, or even standing room, to see this talk in-person:
Ed Skoudis: How To Give The Best Pen Test Of Your Life