Michael J. Conway

While testing a web application, does it give you debugging information? Does it present a stack trace? Or does it give you a generic error message? That is what that check is looking for. Sometimes web applications leave debug set to true when they get moved to production. The result is that a user is given the stack trace when an error is…[Read more]

This may sounds dumb but did you bother to patch the system after doing a clean install? Chances are that if all you did was a clean install, you left the same hole in place that your mischievous friends used in the first place.

With that said, I am not a Mac guy. However, there are some things you can do regardless of the system you use.…[Read more]

There is no right answer to this. I came out of the operational military side of things without a back ground in computers. I spent more time in physical security, particularly with how it relates to aircraft. I picked up cybersecurity when I went back to school for my bachelor’s and focused on it with my master’s. While the degrees helped to…[Read more]

Along the same lines as my previous post about alternatives, the NSA has released one of their custom built tools to the public. I haven’t tried it yet, but am planning to in the near future. If you are interested go check out GHIDRA 9.0. Happy bug hunting!

https://thehackernews.com/2019/03/ghidra-reverse-engineering-tool.html
https://ghidra-sre.org/

Aside from a busy end to last year and a busy start to this year, my plan is still in something of a flux. I really need to put a date on the calendar for the ITIL exam if to do nothing ore than force me to study. After that and looking at what the EC CHFI and the eLearnSecurity version, I am probably going to go that route. After that, things…[Read more]

Doc,

I love this article and it goes nicely with what I have experienced over the last decade that I have actively worked in InfoSec. What I find amazing is that we really don’t do basics well. We still think of our networks in terms of the old castle analogy. The firewall is the drawbridge to get into the castle and we thing that building a…[Read more]

This is a great read and I thoroughly enjoyed it. In 98, I went to basic and missed this completely. On the federal side of things, I think we have made more progress towards secure systems, particularly in the DoD. We still have a ways to go as cybersecurity still feels like a bolt on at times but I think it is getting better. This is thanks…[Read more]

I love the brain dump on BOFs. I was at a company sponsored class over the summer and wrote an exploit for Adobe flash the same way you just did. I hadn’t done one of those in a while and forgot how much fun it really is. For the class we had access to IDA Pro as well as another tool similar to the old Ollydbg, x64dbg. And while those tools…[Read more]

Rey,

I just finished your blog post. One question though: where/what industry are you looking to work in? My background is DoD so I tend to look at 8570 to see what the baseline certifications are and work from there for certifications and training to pursue. And yes, it has been my experience that for somethings, you cannot beat hands on.

Thanks