IoT: My testing experience and conclusions

IoT is the new hip thing, and like everything else it is affected by information security. Recently I've been involved in a few projects to do security testing on different types of consumer solutions.

EY Brucon Challenge Write-up

The BruCON 0x07 edition is behind us and boy it has been a rush! Awesome people, magnificent speakers and unbelievable parties, BruCON 0x07 had it all!

Business Continuity is concerned with information security risks and impacts

A Business Continuity Programme (BCP) is primarily concerned with those business functions and operations that are critically important to achieving the organization's operational objectives. It seeks to reduce the impact of a disaster condition before the condition occurs. Buy-in from top-level management is required, as each function defined in the business must be reviewed to ensure all key personnel are identified. Why would a business require a BCP?

My experience getting OSCP

About a month ago I passed my OSCP exam. I would like to share my experience, considering this is one of the most interesting, challenging and hardest courses I've ever taken. The course itself is very comprehensive, but you will need to put in a lot more effort than just going through the course manual to pass the exam. Be prepared to Try Harder!

A short statement on the Heartbleed problem and its impact on common Internet users.

On the 7th of April 2014 a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security published information on a security issue in OpenSSL. OpenSSL is a piece of software used in the encryption process; it helps encrypt your computer traffic to ensure unauthorized people cannot understand what you are sending from one computer network to another. It is used in many applications: for example, if you use online banking websites, code such as OpenSSL helps to ensure that your PIN code remains secret.

IBM WebSphere Application Server (WAS) password decoder

Recently I was on a job where we needed to decode a WAS password. I found it a bit troublesome to do it the way IBM suggests, which requires you to use classes from the WebSphere jar files. I wrote a simple Python script which can decode these passwords easily.

Resetting Kali Root Password

So I installed a clean VMware image of Kali and integrated all of my tools into it. I do this so I can just copy a clean version of the virtual machine when starting a new project. Unfortunately I forgot my password. I had changed it from "toor" to something else, but no longer remembered what that something else was. If you want to know how to reset the password on your Kali Linux, then read further.

About Secure Password Hashing

An often overlooked and misunderstood concept in application development is the one involving secure hashing of passwords. We have evolved from plain text password storage, to hashing a password, to appending salts and now even this is not considered adequate anymore. In this post I will discuss what hashing is, what salts and peppers are and which algorithms are to be used and which are to be avoided.

WiFi security: history of insecurities in WEP, WPA and WPA2

Recently I answered a question on security.stackexchange.com regarding security in wireless protocols. The OP wanted to know more about what methods were available to break into a wireless network and how long it would take.

Fixing Dovecot 1 to 2 migration on Debian Wheezy

I upgraded my mail server from Squeeze to Wheezy the other day. I was running Dovecot 1, but Wheezy only has Dovecot 2. The upgrade tried to migrate my installation, but this went terribly wrong and it broke the mail server. Below I will share what errors I encountered and how to fix them: