This awesome codeswarm of the Nmap sourcecode shows the development of Nmap from 2005 to todays date. Pretty impressive development history, and also fun to watch!
Author: Chris Dale
I'm Chris Dale from Norway, founder and principal consultant at River Security (https://riversecurity.eu/). Along with my security expertise, I have a background from system development and application management. Having a vast and broad experience in IT certainly help a great deal when working penetration tests and incidents.
I am an open, sharing and engaging person to be around, some even think I'm funny. I am usually enthusiastic and motivating when I work, and usually positive and optimistic about the general problems I encounter. I am passionate about security, both IT and physical security, which is one of the reasons I do a lot of public speaking at different events such as classes, conferences and workshops.
Driven by mottos such as "Magic is just science we don't understand yet" and "Think bad, do good", I attack today's security challenges with eagerness and enthusiasm. I consider myself a pragmatic person, with the ability to think outside the box, keeping the business in focus.
I also teach for SANS. My primary class I am teaching is Hacking Techniques, Exploits & Incident Handling. This course prepares you for the GIAC Certification in Incident Handling (GCIH). I find it extremely motivating and fun to teach others the art of security and hacking, and I often find that my passion and enthusiasm rubs off on my students.
Nmap preset scans – Options and scan types explained
Zenmap is the GUI for the very popular free port scanner Nmap. It comes pre loaded with 10 different scan types which we will take closer look at them in this article. Some of the scan types are kind of obvious, however they may not be to everyone.
Handy SQL queries
Finding filetypes stored in a MySQL table If your system allows fileuploads, and you have a database table where you store all the fileuploads, it could be interesting to see what types and how many types of files are being uploaded to your system. This query will find all filetypes uploaded to the system. Replace […]
Distribuert tjenestenekt: «Fordi vi kan» (Norwegian)
Hvordan kan det ha seg at en liten gruppe tenåringer klarer å ta ned store nettsider både i Norge og utlandet? Jeg tar en nærmere titt på hvordan slike angrep kan utføres fra gutterommet til en fjortenåring.
Guide to understanding XSS – Payloads, attack vectors, BeEF hooking, MiTM with Shank and some history
This article can be read as PDF because of a vulnerability in the static HTML generator I am using. It triggers on my own XSS attacks, how funny is that? Read this article here: PDF of this article.
Ways to retrieve a missing persons account passwords
Since the creation of this post, many other ways of retrieving a password has been discovered, e.g. Mimikatz, Lan Turtle & Responder, Konboot and more. Norwegian newspaper claims police is lacking missing persons social media password Today, a major newspaper, VG announced that the progress in the of a missing person case may be set […]
Frustrations with Microsoft LiveID sign-on
Today I decided to sign up for Microsoft security bulletin notifications as I am working alot in windows enviroments now and it is important for us to get security patches out there as soon as possible. The list of security notifications can be accessed through 3 options (which can be found here: http://technet.microsoft.com/en-us/security/dd252948) : Email RSS […]
Can you use ONE WORD to describe the most important information security solution in your arsenal
One word On LinkedIn there was a word game in the group “Information Security Community“. The deal was to name what you think is the single most important thing in IT security. The now over 1 year old discussion is still active and keeps popping up in my LinkedIn newsletters. While I do not agree […]
Enumeration with practical examples from SQLMap
SQLMap – http://sqlmap.sourceforge.net/ SQLMap is an open source and free automatic SQL injection and database takeover tool. I’ve found it extremely usefull for doing blind SQL injection as it is normally extremely tedious work to get it done quickly. However for this article I will only cover the enumeration function.
Unlocking locked laptop – From physical access to recovering NT hashes
A friend of mine worked at the IT department of a school and we had a talk about what consequences it may have if a laptop without disk encryption got into the wrong hands. He could not see what the big deal was if a student computer got lost so I suggested that if he would borrow me a computer from the school I would try to see what potential risks could come out of it. The laptop I got was old, worn down and scheduled for recycling. Perfect for this scenario!