Website Update

If you haven’t noticed we’ve been publishing more content lately. Partly, this is because we had a lull in the schedule to actually get things done and we also had a bunch of half finished stuff that we focused on getting done.

Here are the things you will see soon.

The last recon-ng installment, this one is exciting because it is the actual nuts and bolts

Relatively soon, some of these are half done some are nothing more than a title and vague idea at this point.

Weaponized Boredom

Phish Stories, I once wrote a post [———- THIS ———-] big

OSINT Tutorial for Dimitry

Penetration Testing Trade Craft

Not as soon.

Tool Usage Wiki, this is the equivalent of letting someone watch you make the secret sauce

We have been so busy that we haven’t been getting content onto the website. Here is a quick rundown of what is going on.

 

We are giving the keynote address on emerging threat trends at New Mexico Technology in Education November 20th. http://nmtie.net/2014-conference/

 

We will be presenting ‘Why you don’t need a pen test’ to the Albuquerque Chapter of ISACA on December 9th. http://www.eventbrite.com/e/why-you-dont-need-a-penetration-test-plus-sandworm-demo-tickets-14154631885?aff=eorg

 

And because we hate free time we are partnering with Albuquerque Health Care for the Homeless to provide a vulnerability assessment of their network. Being part of the InfoSec community is important, but helping those in need in our local community is part of being a good citizen.

 

Once all the dust settles, we will be posting more tutorials and content.

With the SandWorm 0day (CVE-2014-4114) and POODLE being released this week we are working on integrating it into our testing as well as developing good mitigation for our clients. We had discussed internally how Heartbleed would probably focus other researchers on SSL and it seems to be holding true. We also think that Shellshock with lead to a number of other parsing vulnerabilities being found in other shells and operating systems.