Security via obfuscation: MAC Address


Every network interface card has a unique 48-bit identifier known as a MAC address. This address is burned into the EEPROM on the card and is often used by networking equipment to track users as they come and go, frequently associating the MAC address with a hotel, credit card, credentials, and so on. In fact, even most consumer gear will record the MAC addresses of all computers that have ever issued DHCP requests to it, and these logs usually cannot be purged. When you combine this with the fact that most Cable/DSL service providers will also record your MAC address …


Using the web application attack and audit framework known as w3af to test your security


w3af, the Web Application Attack and Audit Framework, is an amazing tool that is written in Python and has the capability to find more than 200 defined vulnerabilities. Not only does it look for the usual suspects such as SQL injection, it also handles crawling, brute force, authentication, and so much more. There are a number of vulnerability scanners, both commercial and open source, but it all comes down to what you prefer. I tend to lean toward the open source community because of transparency, community involvement, and the fact that there is zero cost. Unfortunately, web applications pose one of …


The Dollars and Sense of Enterprise Access


This week I attended the 2014 US Business Leadership Network (USBLN) conference in Orlando, Florida, where I was honored to speak on the subject of accessibility. I took part in a panel discussion where I spoke with a number of very knowledgeable people from a number of organizations that included Sprint, Verizon, and IBM. I of course represented Northrop Grumman, and I focused on policies and procedures around accessibility. If you are interested in this subject, you will find the PowerPoint deck at the end of this post. Today more than ever, we conduct our lives in a digital medium. …


Intelligence and Security Professional Certification


Next month I embark upon my journey with the Center for Governmental Services at Auburn University to obtain intelligence analytic tradecraft skills essential for analysts in today’s operational environments. My goal is to develop skills in the handling and analysis of locally generated information, intelligence as related to homeland security, and classified and unclassified intelligence generated from the various intelligence communities. This study should prove to be very informative and educational, to say the least. The fact that the faculty are former senior intelligence officers and managers from the CIA, DIA, NRO, NSA, State/INR, NGA, ODNI, Military Service intelligence components, …


Tools provide a false sense of accessibility compliance


When you set out on the journey to achieve accessibility, you will naturally turn your attention to tools to help facilitate the journey. If you paid attention, you will have noticed that I said journey, and this is for a very good reason. The fact is, today’s websites are not your father’s website, which is to say there is little to no content that is static. The dynamic state of a website means that the content changes at any given interval, and for this reason accessibility is a continuous process. Although the tools are worthwhile and enterprises should procure and use …


Create a custom wordlist using SmeegeScrape for use in forensics or pentesting


If you are working in either forensics or penetration testing, you will absolutely come across the need to create a custom word list. You may be thinking to yourself that a custom word list is not needed because you have a number of lists that you have created or gathered over the years. I will not argue that having a bag of lists is not needed, because I have my own collection as well. I submit to you that if you have a specific target, then understanding said target will be useful when it comes to password cracking. For example, if your …
