Jan 07 2015

LinkedIn Phish – Investment Proposal


Today I received the following message from a LinkedIn contact: Greetings, I hope all is well with you, please review this recommendation for an investment opportunity which am considering a partnership with you if you’re interested. I hope that the reasons for this investment, which are alluded to in more details in the enclosed document( …

Continue reading »

Permanent link to this article: http://www.securesolutions.no/linkedin-phish-investment-proposal/

Dec 22 2014

News anchor challenged me to hack his Facebook account – Did he regret his decision?

I was privileged enough to be interviewed on Norwegian breakfast TV Saturday morning. The reporter had asked me to try hack his Facebook account the day before. Do you think he regret his decision? Here is the clip: – Norwegian (original):  www.tv2.no/v/867173/ – English: https://www.youtube.com/watch?v=JhMpjSiqq5s (turn on subtitles)

Permanent link to this article: http://www.securesolutions.no/news-anchor-challenged-me-to-hack-his-facebook-account-did-he-regret-his-decision/

Dec 04 2014

Finding Zero-Day XSS Vulns via Doc Metadata (+ WordPress 0day)

I’ve just released a blog post over at SANS pen-testing blog. Check out my latest article there: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata It contains details on using metadata as an attack vector, and using these techniques to metadata bomb documents to find zero-days. I hope you enjoy it.

Permanent link to this article: http://www.securesolutions.no/finding-zero-day-xss-vulns-via-doc-metadata-wordpress-0day/

Oct 18 2014

Patch for BadUSB


Go, go, go… Install this ASAP for quick and immediate patch.

Continue reading »

Permanent link to this article: http://www.securesolutions.no/patch-for-badusb/

Jul 16 2014

SQL Join types explained with 1 picture

SQL Joins

Venn diagrams are often over-used, however in this scenario it is a truly perfect fit for explaining SQL Joins. If you ever wonder how a join works or which join you should use, take a look at this picture:   [important]Credits to CL Moffatt for creating this picture: http://www.codeproject.com/Articles/33052/Visual-Representation-of-SQL-Joins[/important]

Permanent link to this article: http://www.securesolutions.no/sql-join-types-explained-with-1-picture/

Mar 22 2014

Password managers, why isn’t everyone using them already?

keep calm and carry

I am very surprised that people, still today, do not have sufficient knowledge of the existence of password managers. They make IT life so much easier for us! Think about what us security people are preaching: “You need to have a unique password for every single account”. That’s pretty rough demand, especially if the password …

Continue reading »

Permanent link to this article: http://www.securesolutions.no/password-managers-why-isnt-everyone-using-them-already/

Feb 13 2014

Video demonstration: Local File Inclusion going for Code Execution (Shell)

I’ve just done a video demonstration for SANS Spectacular Pentest Video Contest. I hope you enjoy it!

Permanent link to this article: http://www.securesolutions.no/video-demonstration-local-file-inclusion-going-for-code-execution-shell/

Dec 29 2013

Security Management for 2014

Security seems to be, for many, the idea of keeping everything clinical clean, not getting hacked and preventing introducing new risk to the equations. Well guess what, there’s no such thing as clinical clean in security, and I hate to break it to you, but IT security is about minimizing loss and reducing risk. It …

Continue reading »

Permanent link to this article: http://www.securesolutions.no/security-management-for-2014/

Dec 16 2013

Repeating success; Hacking Techniques, Exploits & Incident Handling January 2014 in Bergen (Norwegian)

Kurset som avholdes er det meget kjente “SEC504: Hacker Techniques, Exploits & Incident Handling” utviklet av den velkjente sikkerhetsguruen Ed Skoudis. Kurset gir studenten god ryggdekning til å bli sertifisert ved å bestå GCIH eksamen(GCIH – GIAC Certified Incident Handler). Det er et meget bra kurs som mange kan ha nytte av, spesielt dem som …

Continue reading »

Permanent link to this article: http://www.securesolutions.no/repeating-success-hacking-techniques-exploits-incident-handling-january-2014-in-bergen-norwegian/

May 28 2013

Setting up backup for a headless LAMP stack using Dropbox


I currently run a LAMP stack, and I was in the need of a simple automatic backup process for my websites. This article will show you how you can easily implement backup for the services implemented through Dropbox, crontab and with a retention period to avoid running out of storage space.

Continue reading »

Permanent link to this article: http://www.securesolutions.no/setting-up-backup-for-a-headless-lamp-stack-using-dropbox/

Older posts «