EY Brucon Challenge Write-up

The BruCON 0x07 edition is behind us and boy it has been a rush! Awesome people, magnificent speakers and unbelievable parties, BruCON 0x07 had it all!

Business Continuity is concerned with information security risks and impacts

A Business Continuity Programme (BCP) is primarily concerned with those business functions and operations that are critically important to achieve the organization.s operational objectives. It seeks to reduce the impact of a disaster condition before the condition occurs. Buy-in from top level management is required as a review is required of each function defined in the business as to ensure all key-personnel is identified. Why would a business require a BCP?

My experience getting OSCP

About a month ago I passed my OSCP exam. I would like to share my experience considering this is one of the most interesting, challenging and hardest courses I've ever took. The course itself is very comprehensive, but you will need to put in a a lot more effort than just going through the course manual to pass the exam. Be prepared to Try Harder!

A short statement on the Heartbleed problem and its impact on common Internet users.

On the 7th of April 2014 a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security published information on a security issue in OpenSSL. OpenSSL is a piece of software used in the encryption process; it helps you in coding your computer traffic to ensure unauthorized people cannot understand what you are sending from one computer network to another. It is used in many applications: for example if you use on-line banking websites, code such as OpenSSL helps to ensure that your PIN code remains secret.

IBM WebSphere Application Server (WAS) password decoder

Recently I was on a job where we needed to decode a WAS password. I found it a bit troublesome to do it as IBM suggests, requiring you to use classes from the WebSphere jar files. I wrote a simple python script which can decode these passwords easily.

Resetting Kali Root Password

So I installed a clean VMWare image of Kali and integrated all of my tools into it. I do this so I can just copy a clean version of the virtual machine when starting a new project. Unfortunately I forgot my password. I changed it from "toor" to something else, but didn't know anymore what that something else was. If you want to know how to reset the password on your Kali Linux, then read further.

About Secure Password Hashing

An often overlooked and misunderstood concept in application development is the one involving secure hashing of passwords. We have evolved from plain text password storage, to hashing a password, to appending salts and now even this is not considered adequate anymore. In this post I will discuss what hashing is, what salts and peppers are and which algorithms are to be used and which are to be avoided.

WiFi security: history of insecurities in WEP, WPA and WPA2

Recently I answered a question on security.stackexchange.com regarding security in wireless protocols. The OP wanted to know more about what methods were available to break into a wireless network and how long it would take.

Fixing Dovecot 1 to 2 migration on Debian Wheezy

I upgraded my mailserver from Squeeze to Wheezy the other day, I was running Dovecot 1, but Wheezy only has Dovecot 2. It tried to upgrade my installation, but this went terribly wrong and it broke the mailserver. Below I will share what errors I encountered and how to fix them:

SQLAlchemy and MySQL server has gone away (error 2006)

I encountered a problem with MySQL and SQL alchemy when trying to run a large insert. Considering other inserts were working perfect it made me suspect that there was a tress hold in place which would not pass the large commit. I looked at the different settings and finally found out it was due to a too small max_allowed_packet value. I increased the value to 64M which solved my problem.