I am very surprised that people, still today, do not have sufficient knowledge of the existence of password managers. They make IT life so much easier for us! Think about what us security people are preaching: “You need to have a unique password for every single account”. That’s pretty rough demand, especially if the password […]
Author: Chris Dale
Video demonstration: Local File Inclusion going for Code Execution (Shell)
I’ve just done a video demonstration for SANS Spectacular Pentest Video Contest. I hope you enjoy it!
Security Management for 2014
Security seems to be, for many, the idea of keeping everything clinical clean, not getting hacked and preventing introducing new risk to the equations. Well guess what, there’s no such thing as clinical clean in security, and I hate to break it to you, but IT security is about minimizing loss and reducing risk. It […]
Repeating success; Hacking Techniques, Exploits & Incident Handling January 2014 in Bergen (Norwegian)
Kurset som avholdes er det meget kjente “SEC504: Hacker Techniques, Exploits & Incident Handling” utviklet av den velkjente sikkerhetsguruen Ed Skoudis. Kurset gir studenten god ryggdekning til å bli sertifisert ved å bestå GCIH eksamen(GCIH – GIAC Certified Incident Handler). Det er et meget bra kurs som mange kan ha nytte av, spesielt dem som […]
Setting up backup for a headless LAMP stack using Dropbox
I currently run a LAMP stack, and I was in the need of a simple automatic backup process for my websites. This article will show you how you can easily implement backup for the services implemented through Dropbox, crontab and with a retention period to avoid running out of storage space.
My reflections as a CISO
Stepping into the management role can be a daunting task. In this article I will do my best in explaining how my experience has been, going forward as a Chief Information Security Officer (“CISO”).
3 pin lock picking
These types of locks, with 3 pins, are good for newbies to learn lock picking.
Why it’s easy being a hacker – A SQL injection case study
Finding SQL injections today is like picking apples from an apple tree. It’s very easy, and anyone can do it. Ask any hacker you want, SQL injection is everywhere. There have been many folks predicting the end of SQL Injection, however, year after year we see it in the OWASP Top 10.
Is social engineering an actual threat?
A question was raised on a security community (security.stackexchange.com) on whether or not social engineering is still a threat. The question refers to Kevin Mitnick’s book from 2002: “The Art of Deception: Controlling the Human Element of Security“. The person writing the question asks if we shouldn’t be immune to these types of attacks and techniques after […]
SANS Hacker Techniques, Exploits & Incident Handling kommer til Bergen! (Norwegian)
I 2013 tilbyr SANS mentor basert studium her i Bergen, oppstart 6. Mars. Kurset som avholdes er det meget kjente “SEC504: Hacker Techniques, Exploits & Incident Handling” utviklet av den velkjente sikkerhetsguruen Ed Skoudis. Kurset gir studenten god ryggdekning til å bli sertifisert ved å bestå GCIH eksamen(GCIH – GIAC Certified Incident Handler). Mentor er […]