Cyber Security Blog of Chris Dale

My guest blog post over at SANS’s pen-testing blog went live. Hope you like it! Check it out here: https://pen-testing.sans.org/blog/2016/08/19/azure-0day-cross-site-scripting-with-sandbox-escape  

A presentasjon I did for Norwegian Developer Conference on attacking systems. Lots of demos!

This is a quick guide to get started with Android application testing. I wont delve into details of testing, but instead cover what is necessary to do in order to get started. The topics I go through are: Get a hold of an Android device through emulation or physical device Find and download the APK…

When creating a new account for yourself, either at your employeer, on the Internett in general or for your customers, you should in theory adhere to some best practice rules such as creating a strong password. That is: – Above 20 characters – A variety of special characters – No sentences, they alone can quite…

Documentation has been very dear for me for a long time. The usefulness and importance of documenting is just so immerse! In this post I’ll take a chop on some of my thoughts on documenting. Keep it simple stupid. Documentation should be brief and to the point. Do your best in having economy of words,…

A lot of companies and organisations does not do password resets properly today. Here is a recipe on how to do it securely. User enters the login page. This must be loaded over HTTPS. User clicks the “Forgot password” button. The user must then supply something unique to the user, e.g. email or username. The backend…

Today I received the following message from a LinkedIn contact: Greetings, I hope all is well with you, please review this recommendation for an investment opportunity which am considering a partnership with you if you’re interested. I hope that the reasons for this investment, which are alluded to in more details in the enclosed document(…

I was privileged enough to be interviewed on Norwegian breakfast TV Saturday morning. The reporter had asked me to try hack his Facebook account the day before. Do you think he regret his decision? Here is the clip: – Norwegian (original):  www.tv2.no/v/867173/ – English: https://www.youtube.com/watch?v=JhMpjSiqq5s (turn on subtitles)

I’ve just released a blog post over at SANS pen-testing blog. Check out my latest article there: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata It contains details on using metadata as an attack vector, and using these techniques to metadata bomb documents to find zero-days. I hope you enjoy it.