Sometimes you have to throw someone off a terminal, but at the same time preserve the evidence on the terminal. For example if someone is using a terminal to hack something, and you need to secure the running terminals to capture the commands that has been run. It is quite simple to accomplish this, as […]
Author: Chris Dale
I'm Chris Dale from Norway, founder and principal consultant at River Security (https://riversecurity.eu/). Along with my security expertise, I have a background from system development and application management. Having a vast and broad experience in IT certainly help a great deal when working penetration tests and incidents.
I am an open, sharing and engaging person to be around, some even think I'm funny. I am usually enthusiastic and motivating when I work, and usually positive and optimistic about the general problems I encounter. I am passionate about security, both IT and physical security, which is one of the reasons I do a lot of public speaking at different events such as classes, conferences and workshops.
Driven by mottos such as "Magic is just science we don't understand yet" and "Think bad, do good", I attack today's security challenges with eagerness and enthusiasm. I consider myself a pragmatic person, with the ability to think outside the box, keeping the business in focus.
I also teach for SANS. My primary class I am teaching is Hacking Techniques, Exploits & Incident Handling. This course prepares you for the GIAC Certification in Incident Handling (GCIH). I find it extremely motivating and fun to teach others the art of security and hacking, and I often find that my passion and enthusiasm rubs off on my students.
SANS Holiday Hack Challenge 2016 write up
Brilliant CTF by Counter Hack team as usual. Tons of good fun, awesome challenges and a great story to go with it. Whats not to like? Here’s a quick write-up on the answers I produced on the 2016 challenge. 1) What is the secret message in Santa’s tweets? I wrote a simple Javscript to extract […]
Finding files and grepping for information
Sometimes you have to find interesting files, then grep through those specific files dynamically. With Linux this is as easy as: find . -name <file> -exec grep -i -H <match> {} \; This will simply recursively look for files you want to find, e.g. *.txt, and for each file found, grep that file for whatever […]
Slow DNS enumeration
Fierce is an excellent tool for doing DNS reconnaissance, i.e. querying the DNS server for potential domain names to be revealed. I’ve seen some setups where the enumeration has gone horrible slow. If your DNS enumeration tool is going slow, fire up tcpdump and inspect the DNS traffic. tcpdump -i <interface> -nn port 53 Normally […]
Hassles and concerns upgrading from Windows 10 Home to Pro
Windows 10 Pro supports some features that are nice to have, especially if you like to take advantage of more features of your OS than the Home edition allows for. Windows store changes my local account to an online account The Window shop application requires you to sign in with your MSDN account. Once you’ve […]
Phish claiming your domain is about to be registered on Asian TLD’s
If you get email from someone claiming that your domain is about to be registered on Chinese and other Asian top-level-domains, don’t worry. This is very likely to be a scare tactic to get you to buy their domain for a high price. Ignore it, and move on. Heres an example: Dear CEO, (If you […]
Cipher and Password Bruteforcing with OpenSSL
Ever had to crack something, but you don’t know the cipher? Sometimes the encrypted text gives you clues on which encryption algorithm has been used, but not always. For those cases, it might be useful with the script I am talking about in this post. Bruteforcing the cipher type might be the only way to […]
Guest blog at pen-testing.sans.org – Azure 0day Cross-Site Scripting with Sandbox Escape
My guest blog post over at SANS’s pen-testing blog went live. Hope you like it! Check it out here: https://pen-testing.sans.org/blog/2016/08/19/azure-0day-cross-site-scripting-with-sandbox-escape
Hacking in 2016 – How are our systems broken?
A presentasjon I did for Norwegian Developer Conference on attacking systems. Lots of demos!
Rapid android application pentesting
This is a quick guide to get started with Android application testing. I wont delve into details of testing, but instead cover what is necessary to do in order to get started. The topics I go through are: Get a hold of an Android device through emulation or physical device Find and download the APK […]