Mr. Robot

| 0 comments

If you’re a geek like myself then you have probably seen many television shows that fall flat dealing with the topic of cyber security in this day of the Internet of things. Two shows that I watched were Scorpion and CSI Cyber and both of them made me laugh. I mean listening to the cast speak all the correct buzz words and having flashing gadgets does not make a great, or even good television series. If you have not seen either of these shows, give the following trailers a watch. Scorpion Trailer CSI Cyber Trailer Mr. Robot With the release …

Continue reading

Creating a proxy chain in Linux

| 0 comments

There obviously are time that you may want to make use of a proxy server in order to provide yourself a level of anonymity that you may otherwise no have. Proxies also provide benefits in terms of restricted content that may be filtered with your region or country. Think of it this way, if YouTube is blocked in the Middle East then a proxy may help you to overcome that block. Now to be clear a proxy server also helps to increase performance by storing a copy of frequently used webpages. When a browser requests a webpage stored in the …

Continue reading

Security via obfuscation: MAC Address

| 0 comments

Every network interface card has a unique 48 bit identifier known as a MAC address. This address is burned into the EEPROM on the card, and often is used by networking equipment to track users as they come and go, frequently associating MAC address to a hotel, credit card, credentials, and so on. In fact, even most consumer gear will record the MAC addresses of all computers that have ever issued DHCP requests to them, and these logs usually cannot be purged. When you combine this with the fact that most Cable/DSL service providers will also record your MAC address …

Continue reading

Using the web application attack and audit framework known as w3af to test your security

| 0 comments

w3af is a Web Application Attack and Audit Framework is an amazing tool that is written in Python and has the capability to find more than 200 defined vulnerabilities. Not only does it look for the usual suspects such as SQL injection, it also handles crawling, bruteforce, authentication, and so much more. There are a number of vulnerability scanners both commercial and open source, but it all comes down to what you prefer. I tend to lean toward the open source community because of transparency, community involvement, and the fact there is zero cost. Unfortunately web applications pose one of …

Continue reading

Intelligence and Security Professional Certification

| 0 comments

Next month I embark upon my journey with the Center for Governmental Services at Auburn University to obtain intelligence analytic trade-craft skills essential for analysts in today’s operational environments. My goal is to develop skills in the handling and analysis of locally generated information, intelligence as related to homeland security, and classified and unclassified intelligence generated from the various intelligence communities. This study should prove to be very informative and educational to say the least. The fact that the faculty are former senior intelligence officers and managers from the CIA, DIA, NRO, NSA, State/INR, NGA, ODNI, Military Service intelligence components, …

Continue reading