After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon. After dropping my bags in my room and getting my temporary paper badge because they were already out of the electronic badges, I ran back up to my room for […]
Last week and through the weekend I was in Las Vegas for this year’s annual block of hacker conferences, BlackHat USA and DEFCON. This year was a bit different for me as my employer no longer covers conference expenses (even if you’re speaking!), so since I was there not representing a company and entirely on […]
Todd Manning and I have a new whitepaper available over at BreakingPoint on simulating Distributed Denial-of-Service (DDoS) attacks using the BreakingPoint product. You can read more about the paper in my BreakingPoint blog post, or just grab the paper here. If you’re a BreakingPoint customer, you’ll want the bundled version which comes with test cases […]
When a book is so well-received by your peers as The IDA Pro Book has been, even if reverse engineering isn’t a huge part of what you do every day, you pretty much have to give it a read. The creator of IDA Pro, Ilfak Guilfanov, even recommends it himself for a number of reasons, […]
Most that know me know that I’m an avid gamer. I play video games, board games, card games, puzzles, pretty much anything I can get my hands on. Because I like puzzles and strategy games, I’ve regularly been asked what I think the most strategic game I’ve ever played is, and I’ve gotten more than […]
First let me say that this article is not meant to diminish the work that Alexander Sotirov et. all have been doing for the past 6 months. It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions. What I’m […]
A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers. Since then, many other vendors have followed suit. There are opinions and arguments supporting both a release schedule philosophy as well […]
I’m not going to talk about their underlying quest to end the Federal Reserve (with which I wholeheartedly agree), or about their multi-site raid by the FBI last year where all of their current inventory and all of the metals backing the Liberty Dollar warehouse receipts (paper currency) were confiscated. No, I’m not going to […]
It’s common understanding these days that the more factors of identification that a user has to provide to an authentication system, the more trustworthy and secure it likely is. Single-factor authentication is usually accomplished by providing something you know, like a password or PIN number. As two-factor authentication became more and more mainstream, the two […]
For the last week or so, I’ve been tasked with implementing Application Simulators in the BreakingPoint product for the OWAMP and TWAMP protocols, RFC 4656 and RFC 5357, respectively. These are honestly two of the most poorly written protocol specifications that I’ve ever read. Luckily, they’re rather short. Not only are many parts vague and […]