Category: Uncategorized

The Open Pentest Bookmarks Collection v1.2

Hey guys and gals of the security community. James Fitts here, I’m the new guy on the block over at SecurityAegis.com. I’ll be blogging and helping out with some of the projects we have going on. But enough about me, let’s get down to the meat and potatoes. We launched the Open Pentest Bookmarks Collection [...]

The Open Pentest Bookmarks Collection

New project a few buddies and I have started: The Open Penetration Testing Bookmarks Collection … is just that, a collection of handy bookmarks I initially collected that aid me in my day-to-day work or that I find in the course of research. They are not all-inclusive and some sections need to be parsed [...]

Mobile Hackery

In the last few weeks I’ve been refreshing on mobile hacking, unknown protocols, non-standard apps, and runtime analysis of binaries. Nothing new for a tester, but I remembered last year’s Security Bsides Las Vegas and a presentation a group called Intrepidus did. I realized how closely related the skillset for cursory malware analysis, mobile [...]

Neurosurgery with Meterpreter

Really thought-provoking talk by Colin Ames from Attack Research on meterpreter manipulation of memory and processes (SOURCE Boston 2010). Whitepaper from Blackhat DC here.

Nessus Parsing… 101?

A good friend of mine, David Shaw, recently released his Nessus nbe parsing utility in Ruby called nbesort.rb. Nbesort is great, especially for large Nessus scans. It's way more convenient than using the new web GUI or viewing the reporting in HTML (old client) for looking at aggregate scan data. Using scripts like this allows [...]

Nmap Scripting and Pcap Analysis

There were a lot of really great talks at Toorcon, and two of my best friends, David Shaw of Redspin and Nate Drier of Spiderlabs, were kind enough to send me their video and slides. An introduction to the Nmap Scripting Engine by David Shaw: Intro to Nmap Scripting from Securityaegis on Vimeo. Slides: http://www.securityaegis.com/nse.pdf [...]

Pentesting with Burp Suite: Taking the Web Back From Automated Scanners

Thanks to everyone at Toorcon who attended our talk: “Pentesting with Burp Suite, Taking the web back from automated scanners”. When making the slides and presenting them in our hotel room we realized going through everything we wanted to was not feasible in 20 min. So, keep an eye on Twitter to see updates and [...]

Review: Advanced Penetration Testing (APT)

This year I had the opportunity to take a few stellar instructor-led training courses, one of which was Joe McCray's "Advanced Penetration Testing: Pentesting High Security Environments" course from his training entity LearnSecurityOnline. Since I'm already doing pen testing full time I feel like it's a tremendous opportunity to see [...]

Hacking with your Browser

Today I rebuilt my Windows 7 partition. Amidst the flurry of backing up I forgot to save my Firefox profiles. I figured this was a good time to review what I use addons-wise for all my day-to-day hacking needs. First things first, most of these addons will have compatibility issues. To update a Firefox [...]

Blackhat and Defcon Parties

Every year we head to the desert to learn the newest attack/defenses in the world, to share groundbreaking ideas… but not least of all, to have some fun!

Who? | When? (July) | Time | Where? | Link/RSVP | Why?
ModSecurity Happy Hour | Wednesday 28th | 4-6pm | munchbar @ Caesar's Palace | open to anyone | modsecurity is awesome
MAD & [...]