Archive for the ‘Uncategorized’ Category

Defcon 15 videos released early

Thursday, September 6th, 2007

A good friend of mine named Eric Jenko, who is also in web application security, sent me a link this morning to RoySAC’s blog, which contains videos of Defcon 15. Now, Defcon does release videos of their presentations, but it does take them some time to do so. Luckily, Carsten over at RoySAC is nice enough to rip these videos from DVD and share the content. I don’t know if this is legal or not, but keep the open spirit, Carsten.

Scan for Blank Admin Passwords without Commercial Software

Tuesday, August 7th, 2007

I’ve seen blank administrator passwords at every organization I’ve worked at. Without fail, there will be some user who manages to get a PC onto your network without setting a password. This type of scenario opens up a Pandora’s box of vectors that could be created. Once a malicious user has control over a machine on your network, it’s essentially game over. So as someone with security and risk management in mind, you want to periodically scan for such activity, but your organization isn’t gonna spring for some fancy tool. Luckily, this task can be put into a Windows script that can check for this condition; see the script below.


I’m back

Thursday, July 12th, 2007

I started this journey back in October of 2006 but took a break for several reasons: new job, new town, new hosting provider, and last but not least, my first child. Just about everything in my life has changed, but it’s all been for the better. I’m still getting paid to break information systems, so that part hasn’t changed. I’ll repost some of my older articles, and hopefully future posts will be chock full of hackery and more frequent.