January 19, 2012

Stuff I learned while writing a CTF

Posted in education, infiltrate, Pen-Testing at 16:04 by Alex McGeorge

This blog entry talks about some of the lessons I learned running the WebHacking class for Infiltrate 2012 which included a WarGame/CTF style hootenanny on the final day.

To be clear, I didn’t write the entire thing myself; I had a ton of help. Many Immunity folks contributed to this class in their spare time while also doing consulting or other work. So high fives to the following hombres in alpha order: Admin Team (Carissa and Vanessa), Chris, Dami, Dave, Justin, Leonardo, Matias, Mark, Miguel and Nico.

Word Count: ~2000

October 12, 2011

Book Review: Reamde by Neal Stephenson

Posted in Book Review, Pen-Testing at 16:22 by Alex McGeorge

I recently finished the latest Neal Stephenson book, Reamde. I really enjoyed it; stylistically I think it is most similar to Cryptonomicon and is definitely an improvement (for me) over Anathem. The book does incorporate some realistic hacking plot devices to further the story. All of my complaints are really pedantic, which is to say Stephenson executed the hacking bits very well and they do not detract from the story. My review is going to focus on those pieces of the novel. A more in-depth technical look that probably contains spoilers is below.

Word Count: ~1000

August 29, 2011

Personality Traits for Pen-Testers

Posted in Pen-Testing, Psychology at 16:40 by Alex McGeorge

I recently had occasion to think about some personality traits that can make good pen-testers.

Words: 486


August 1, 2011

Commercial Exploits: Documentation

Posted in Exploits, Pen-Testing at 16:47 by Alex McGeorge

I look at exploits a lot in my day-to-day; I also QA a lot of exploits both internally and for others. This is part 2 of a series on what makes a good commercial exploit.

Word Count: ~500

June 29, 2011

Problems with Pen-Testing

Posted in Pen-Testing at 23:44 by Alex McGeorge

Everyone loves to have a whinge about what’s wrong with pen-testing. I’m no exception and I do it in less than 500 words.

Word Count: < 500
