Category: Blog

  • Video demonstration: Local File Inclusion going for Code Execution (Shell)

    Video demonstration: Local File Inclusion going for Code Execution (Shell)

    I’ve just done a video demonstration for SANS Spectacular Pentest Video Contest. I hope you enjoy it!

  • Security Management for 2014

    Security Management for 2014

    Security seems to be, for many, the idea of keeping everything clinical clean, not getting hacked and preventing introducing new risk to the equations. Well guess what, there’s no such thing as clinical clean in security, and I hate to break it to you, but IT security is about minimizing loss and reducing risk. It…

  • Repeating success; Hacking Techniques, Exploits & Incident Handling January 2014 in Bergen (Norwegian)

    Repeating success; Hacking Techniques, Exploits & Incident Handling January 2014 in Bergen (Norwegian)

    Kurset som avholdes er det meget kjente “SEC504: Hacker Techniques, Exploits & Incident Handling” utviklet av den velkjente sikkerhetsguruen Ed Skoudis. Kurset gir studenten god ryggdekning til å bli sertifisert ved å bestå GCIH eksamen(GCIH – GIAC Certified Incident Handler). Det er et meget bra kurs som mange kan ha nytte av, spesielt dem som…

  • Setting up backup for a headless LAMP stack using Dropbox

    I currently run a LAMP stack, and I was in the need of a simple automatic backup process for my websites. This article will show you how you can easily implement backup for the services implemented through Dropbox, crontab and with a retention period to avoid running out of storage space.

  • My reflections as a CISO

    My reflections as a CISO

    Stepping into the management role can be a daunting task. In this article I will do my best in explaining how my experience has been, going forward as a Chief Information Security Officer (“CISO”). 

  • 3 pin lock picking

    These types of locks, with 3 pins, are good for newbies to learn lock picking.

  • Why it’s easy being a hacker – A SQL injection case study

    Finding SQL injections today is like picking apples from an apple tree. It’s very easy, and anyone can do it. Ask any hacker you want, SQL injection is everywhere. There have been many folks predicting the end of SQL Injection, however, year after year we see it in the OWASP Top 10.

  • Is social engineering an actual threat?

    A question was raised on a security community (security.stackexchange.com) on whether or not social engineering is still a threat. The question refers to Kevin Mitnick’s book from 2002: “The Art of Deception: Controlling the Human Element of Security“. The person writing the question asks if we shouldn’t be immune to these types of attacks and techniques after…

  • SANS Hacker Techniques, Exploits & Incident Handling kommer til Bergen! (Norwegian)

    SANS Hacker Techniques, Exploits & Incident Handling kommer til Bergen! (Norwegian)

    I 2013 tilbyr SANS mentor basert studium her i Bergen, oppstart 6. Mars. Kurset som avholdes er det meget kjente “SEC504: Hacker Techniques, Exploits & Incident Handling” utviklet av den velkjente sikkerhetsguruen Ed Skoudis. Kurset gir studenten god ryggdekning til å bli sertifisert ved å bestå GCIH eksamen(GCIH – GIAC Certified Incident Handler). Mentor er…

  • Evolution of the Nmap source code

    Evolution of the Nmap source code

    This awesome codeswarm of the Nmap sourcecode shows the development of Nmap from 2005 to todays date. Pretty impressive development history, and also fun to watch!