Stepping into the management role can be a daunting task to proceed at. In this article I will do my best in explaining how my experience as been going forward as a Chief Information Security Officer (“CISO”).
Permanent link to this article: http://www.securesolutions.no/my-reflections-as-a-ciso/
Mar 04 2013
It’s so easy to pick locks that only have 3 pins
These types of locks, with 3 pins, are good for newbies to learn lock picking.
Permanent link to this article: http://www.securesolutions.no/its-so-easy-to-pick-locks-that-only-have-3-pins/
Jan 04 2013
Why it’s easy being a hacker – A SQL injection case study
Finding SQL injections today is like picking apples from an apple tree. It’s very easy, and anyone can do it. Ask any hacker you want, SQL injection is everywhere. There have been many folks predicting the end of SQL Injection, however, year after year we see it in the OWASP Top 10.
Permanent link to this article: http://www.securesolutions.no/why-its-easy-being-a-hacker/
Dec 23 2012
Is social engineering an actual threat?
A question was raised on a security community (security.stackexchange.com) on whether or not social engineering is still a threat. The question refers to Kevin Mitnick’s book from 2002: “The Art of Deception: Controlling the Human Element of Security” which is also featured in my web shop The person writing the question asks if we shouldn’t be immune to …
Permanent link to this article: http://www.securesolutions.no/is-social-engineering-an-actual-threat/
Nov 27 2012
SANS Hacker Techniques, Exploits & Incident Handling kommer til Bergen! (Norwegian)
I 2013 tilbyr SANS mentor basert studium her i Bergen, oppstart 6. Mars. Kurset som avholdes er det meget kjente “SEC504: Hacker Techniques, Exploits & Incident Handling” utviklet av den velkjente sikkerhetsguruen Ed Skoudis. Kurset gir studenten god ryggdekning til å bli sertifisert ved å bestå GCIH eksamen(GCIH – GIAC Certified Incident Handler). Mentor er …
Permanent link to this article: http://www.securesolutions.no/sans-hacker-techniques-exploits-incident-handling-kommer-til-bergen-norwegian/
Oct 15 2012
Evolution of the Nmap source code
This awesome codeswarm of the Nmap sourcecode shows the development of Nmap from 2005 to todays date. Pretty impressive development history, and also fun to watch!
Permanent link to this article: http://www.securesolutions.no/evolution-of-the-nmap-source-code/
Oct 04 2012
Nmap preset scans – Options and scan types explained
Zenmap is the GUI for the very popular free port scanner Nmap. It comes pre loaded with 10 different scan types which we will take closer look at them in this article. Some of the scan types are kind of obvious, however they may not be to everyone.
Permanent link to this article: http://www.securesolutions.no/zenmap-preset-scans/
Oct 02 2012
Handy SQL queries
Finding filetypes stored in a MySQL table If your system allows fileuploads, and you have a database table where you store all the fileuploads, it could be interesting to see what types and how many types of files are being uploaded to your system. This query will find all filetypes uploaded to the system. Replace …
Permanent link to this article: http://www.securesolutions.no/handy-sql-queries/
Oct 01 2012
Distribuert tjenestenekt: «Fordi vi kan» (Norwegian)
Hvordan kan det ha seg at en liten gruppe tenåringer klarer å ta ned store nettsider både i Norge og utlandet? Jeg tar en nærmere titt på hvordan slike angrep kan utføres fra gutterommet til en fjortenåring.
Permanent link to this article: http://www.securesolutions.no/distribuert-tjenestenekt-fordi-vi-kan-norwegian/
Aug 29 2012
Guide in understanding XSS – XSS payloads, attack vectors, BeEF hooking, MiTM with Shank and some history
Cross site scripting is vulnerabilities in web applications that involves injecting valid HTML or scripts in some form or way. XSS is a very widespread vulnerability (see OWASP TOP 10) on the internet today. It is both easy to eliminate and easy to detect. It is however usually harder to exploit than for example SQL …
Permanent link to this article: http://www.securesolutions.no/xss-explained/
Loading tweets...
SANS Internet Storm Center, InfoCON: green
- Infocon: green
- UDP port 1434 directed attack to AS13489 IP ranges, (Fri, May 24th) 24/05/2013
- ISC StormCast for Thursday, May 23rd 2013 http://isc.sans.edu/podcastdetail.html?id=3326, (Thu, May 23rd) 23/05/2013
- MoVP II, (Thu, May 23rd) 23/05/2013
- Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html, (Thu, May 23rd) 23/05/2013
- Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame, (Wed, May 22nd) 22/05/2013
- Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222, (Wed, May 22nd) 22/05/2013
- Wireshark 1.8.7 and 1.6.15 Released http://www.wireshark.org/news/20130517.html, (Wed, May 22nd) 22/05/2013
- Privilege escalation, why should I care?, (Wed, May 22nd) 22/05/2013
- ISC StormCast for Wednesday, May 22nd 2013 http://isc.sans.edu/podcastdetail.html?id=3323, (Wed, May 22nd) 22/05/2013