This Blog lives again!
During the last year this blog (and podcast) was put on hold to deal with the acquisition of NT Objectives by Rapid7. I was highly occupied with […]
OWASP AppSec California Recap
I spent the week at OWASP AppSec California in Santa Monica and had a great time! This is the 2nd year of having the event at […]
C’mon back to Cali! OWASP AppSec California This Week!
I’m looking forward to seeing everyone next week at OWASP AppSec California in Santa Monica and hearing some of the great talks planned, but I’m […]
AppSec Cali: Hackazon – Stop Hacking Like It’s 1999!
I’m looking forward to reconnecting with everyone next week at AppSec California. I hope you’ll join me for my talk, Hackazon – Stop Hacking Like […]
HOFFL 2014 Championship
The season is finally over! 12 managers entered, 16 weeks later one emerged as the champion. This year’s champion dominated the season and entered the playoffs […]
HOFFL 2014 Playoffs Week 2
The season is nearly over, and this week was exciting and sets the stage for an interesting final week. Playoff week 2 winner bracket review: #1 @dan_kuykendall […]
HOFFL 2014 Playoffs Week 1
This season of the Hackers Only Fantasy Football League (HOFFL) has been great. We have had some crazy results and many surprises throughout the season. The regular season is over, so it’s time to give a summary of how the season went as well as covering the first week of the playoffs.
Mass Scanning the Internet – DefCon 2014 (Talk Summary)
This talk, Mass Scanning the Internet at DefCon 22, piqued my interest, as we at NTO are very fundamentally concerned with gathering massive amounts of security assessment data from a web application, and so a perennial nemesis for us is memory management. So reading the brief, I thought, wow, these guys (Rob Graham, Paul McMillan, Dan Tentler) are scanning the whole internet. I might get some memory management ideas.
Taking Aim at Google’s Firing Range
This week a developer from Google released a new vulnerable test app named “Firing Range” which I have been digging into for the last few […]
Low-Tech Ways of Detecting High-Tech Surveillance by Dr. Philip Polstra (2014 DEF CON Summary)
I must confess to whomever it is relevant to do so (only God probably and He is likely bored with confessions by now) that I […]
Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing (OWASP AppSec USA 2014 Preso Review)
At the recent OWASP AppSecUSA in Denver, Daniel Peck of Barracuda Networks put together this presentation for those interested in phishing detection, or for anyone […]
Mobile Security Attacks – A Glimpse from the Trenches (OWASP AppSec USA 2014 Preso Review)
At the recent OWASP AppSecUSA in Denver, Yair Amit and Adi Sharabani of Skycure presented a very informative overview of mobile security issues. There was […]
2014 HOFFL Mid-season Update
We are about mid-season into this year’s Hackers Only Fantasy Football League (HOFFL) and it’s time to give everyone an update. Unlike last year when I […]
Shellshock Bash Bug – 8 Important Lessons
While Shellshock has been all over Twitter and talked about on prominent news outlets, I’m still shocked that there is comparatively less press coverage than […]
The Bash Bug, In a Nut-Shellshock
As you probably know by now, a bug, named Shellshock or “The Bash Bug” has been discovered in a version of Bash, which is a […]
Are You Ready for Some (Fantasy) Football?
The 2nd annual Hackers Only Fantasy Football League is back! The HO-FFL is a great way for us IT security professionals to enjoy some time […]
Why the Bitcoin Intrinsic Value Complaint is Irrelevant
In the aftermath of the Mt. Gox meltdown and subsequent bankruptcy filing, I have been reading a lot of commentary on Bitcoin. Even Paul Krugman […]
HO-FFL 2013 Wrap up
The season is over! It was fun to play with all that participated and I got to have some fun conversations about football & the […]
An Open Letter to Barack Obama: If You aren’t Sure of Health Exchange Security, Shut it Down Now
Stability is Only the First Issue – Security Will Be Healthcare.gov’s Real Achilles Heel There has been a significant amount of attention to the […]
If at first you don’t succeed, you’re hosed: The criticality of authentication in web scanning
We appreciate Kevin Beaver’s recent blog post about NTOSpider’s unique ability to authenticate on some of the trickiest applications and stay properly logged-in throughout the scan. At NTO we take pride […]