Introduction In this blog post we will look at some of the differences between a several of the most widely used Debuggers/Disassemblers.  This post is by no means exhaustive.  It is meant ...

Remember those good ole days in the sandbox? Where you threw stuff around learned where the sand goes and… doesn’t go? Well we’ve graduated from the sandbox, but our hearts and minds ...

Today HD Moore and Rapid7 announced that Rapid7 has purchased the Metasploit Framework Project. The speculation around this has taken the pentest and vulnerability scanning community by storm. After talking with some ...

Today I rebuilt my Windows 7 partition. Amidst flurry of backing up I forgot to save my Firefox profiles. I figured this was a good time to review what I use addons-wise ...

Pentesters love passwords. It’s great for us that the keys to the kingdom lie in something the user usually chooses and most often chooses insecurely. Wikipedia tells us that “A password is ...

So you’re on a social engineering test… and you need to target some users for spear phishing. Previously we’ve used theHarvester and metasploit for this, but I’ve now fully switched over to ...

Bruting web forms usually is part of a web app assessment. We love to use Hydra, Medusa, or Wfuzz for this but we recently stumbled across a tool that makes it much ...

This blog is a cursory breakdown of defeating less advanced jailbreak detection code. There are several ways to employ jailbreak detection in a security conscious mobile  application. Many of easier-to-defeat methods involve checking the iOS file system to ...

Web application firewalls (WAF’s) are part of the defense in depth model for web applications. While not a substitute for secure code, they offer great options for filtering malicious input. Below is ...

You think you’ve come, you’ve seen, and you’ve conquered all the training in the pentest field? Think again. J0e McCray, Learn Security Online creator, has brewed up a new course to address ...