May 22, 2017

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 19

Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g. plans, def...

October 29, 2014

Common Web Application Vulnerabilities - Part 1.3

In Part 1.1 and Part 1.2 of this series on XSS, I presented an overview of the vulnerability as well as exploitation and details of two specific varie...

October 28, 2014

Common Web Application Vulnerabilities - Part 1.2

In the first part of this web application series, I discussed the basics of XSS and dug into one particular classification - reflected XSS. I provided...

October 26, 2014

Common Web Application Vulnerabilities - Part 1.1

While Cross-Site Scripting (“XSS”) is neither a new nor a particularly exciting class of web application vulnerabilities, it certainly is one of the m...

September 25, 2014

"Shellshock" Vulnerability in Bash Allows Unauthorized, Remote Code Execution

On September 24, a critical vulnerability - CVE-2014-6271 - was made public. This vulnerability, dubbed “Shellshock,” exposes a weakness in which cert...

June 20, 2014

Updates to the Lair Ecosystem

Back in 2013 FishNet Security sponsored the development of an open-source, collaborative penetration testing framework named Lair. My former colleague...

March 04, 2014

All Shellz Breaking Loose

Working in the security assessments team, we perform a variety of engagements aimed at identifying risk among our clients. By far, the most common eng...

September 06, 2012

Bypassing Antivirus with PowerShell

On a recent penetration test, I ran into a number of challenges overcoming antivirus on compromised machines. Although I had already obtained domain a...

April 19, 2012

Scripting Metasploit with Python

While performing security assessments for clients, I occasionally encounter circumstances where I'd like a little more flexibility while using Metaspl...