Archive for Cybersecurity – General

Journey of Learning: Brute Forcing Stuff

Posted: July 22, 2021

There is a time for subtly evaluating a target, spotting a potential vulnerability, and quietly exploiting it to accomplish a goal.  There are also times when it is fun to swing the big meat axe to obliterate obstacles with overwhelming force.  This is part 5 of my Journey of Learning, if you ...


Journey of Learning: Learning to Love the Scary Stuff

Posted: June 24, 2021

Hi again, welcome back!  This series is about the things I am learning on my way to the OSCP exam.  This is part 4, and if you would like to see the previous posts, you can do that here.  In my last post, I said that I was going to be writing about kernel exploits next.  Kernel exploits are ...


Journey of Learning: File Uploads

Posted: May 27, 2021

Welcome to the third installment of my Journey of Learning.  This series is a look into my studying and preparation for the OSCP exam.  If you missed the previous story, you can catch up here.  The ContentOverload application I am building to explore some of the exam topics has some new ...


Security Assessment 101: Planning a Successful Security Assessment

Posted: May 13, 2021

It’s important to evaluate your security posture and identify areas that need improvement, but a successful security assessment does not happen by accident. Have you ever wondered what goes into planning a security assessment? There is no “one-size-fits-all” security assessment strategy. ...


Journey of Learning: Server-Side Template Injection

Posted: April 30, 2021

Welcome to my journey of learning.  This series is about my preparation for the OSCP exam.  More specifically this series is about how I use the things I am learning for my CTF hobby in my role on the Data Analytics team here at Set Solutions.  If you would like to know more about how this got ...


Best Practices and Effective Vulnerability Management Strategy

Posted: April 1, 2021

Vulnerabilities are a fact of life. It’s an imperfect world. There is simply no way to avoid them. Fortunately, vulnerabilities can be detected, and resolved or mitigated to remove or limit the risk they present. The goal is not to try and achieve a world with zero vulnerabilities—the goal is ...


A Journey of Learning: Introduction

Posted: March 23, 2021

I have spent a lot of time around security professionals, but I am not sure that I would consider myself one of them. Maybe a better way to say that is that I am not a traditional security professional.  In a field as diverse as information security, maybe the idea of a traditional security ...


Developing a Risk Based Vulnerability Management Program

Posted: March 11, 2021

There are many vectors for an attacker to penetrate an organization. Taking advantage of vulnerabilities in an environment is one of the common ones. I have had an opportunity to work with some of the vulnerability assessment tools; they are not listed in any ...


One Does Not Simply Hack APIs… Actually, One Probably Does

Posted: February 12, 2021

Geek Alert: Before you read further into this first blog post of my two-part series, be warned that I am about to make analogies comparing Web API security to the epic fantasy trilogy The Lord of the Rings by J.R.R. Tolkien. Yes, I am unapologetically going full geek in this short series. One ...


SolarWinds Sunburst

Posted: January 26, 2021

Background: If you work in Information Security, Technology, or even if you are just a person who stays up to date with recent news headlines, you probably already know about the “Sunburst” hacking fiasco that came to light at the end of December 2020.  I use the term “fiasco” ...
