After a few false starts we have the knowledge base up and running, the goal is to put 3 or 4 new entries per week. If you have suggestions for a technique or tool to feature let us know. Tell us how to use it and we’ll even credit it to you.
If you haven’t noticed we’ve been publishing more content lately. Partly, this is because we had a lull in the schedule to actually get things done and we also had a bunch of half finished stuff that we focused on getting done.
Here are the things you will see soon.
The last recon-ng installment, this one is exciting because it is the actual nuts and bolts
Relatively soon, some of these are half done some are nothing more than a title and vague idea at this point.
Phish Stories, I once wrote a post [———- THIS ———-] big
OSINT Tutorial for Dimitry
Penetration Testing Trade Craft
Not as soon.
Tool Usage Wiki, this is the equivalent of letting someone watch you make the secret sauce
We have been so busy that we haven’t been getting content onto the website. Here is a quick rundown of what is going on.
We are giving the keynote address on emerging threat trends at New Mexico Technology in Education November 20th. http://nmtie.net/2014-conference/
We will be presenting ‘Why you don’t need a pen test’ to the Albuquerque Chapter of ISACA on December 9th. http://www.eventbrite.com/e/why-you-dont-need-a-penetration-test-plus-sandworm-demo-tickets-14154631885?aff=eorg
And because we hate free time we are partnering with Albuquerque Health Care for the Homeless to provide a vulnerability assessment of their network. Being part of the InfoSec community is important, but helping those in need in our local community is part of being a good citizen.
Once all the dust settles, we will be posting more tutorials and content.
With the SandWorm 0day (CVE-2014-4114) and POODLE being released this week we are working on integrating it into our testing as well as developing good mitigation for our clients. We had discussed internally how Heartbleed would probably focus other researchers on SSL and it seems to be holding true. We also think that Shellshock with lead to a number of other parsing vulnerabilities being found in other shells and operating systems.
Just disclosed an 0day to Samsung. Not a super cool hack but solid web app pen testing carried the day. Excited to get to publish details in the near future.
Secure Network Management is moving to new hosting and a new content management system. While we rebuild, excuse all the stray 1’s and 0’s.