Writing a good risk statement. I often review documents describing risks that fail to either make an impression as to the seriousness of the risks or fail to explain the cause and impact of those risks, both results leading to a less well informed risk decision by a non-specialist executive. We need to accept the inherent inaccuracy of cyber risk modelling and use it to support quick decision-making rather than build .

I enjoy developing in Clojure, hacking, bicycling, and dark chocolate. Predictably, most of the blogs I follow are tech-related. Technology, Virginia and US politics, open government. Software, design, life.

Vulnerability Research, Exploit Development, Reverse-Engineering. Greets to capsl for brainstorming about the potential ROP-scenarios btw! To make this write-up more useful for people that want to learn, I have tried to make it quite detailed.

Information Security, Application Security, Penetration Testing, Hacks, Scripting, Exploits, Security News, Malware, and other random garbage. Thursday, 7 August 2014. Some more thoughts on the infosec culture. Hey, time to dust off this old blog. The following post is expressing my own personal views and is not in any way connected to or representative of the views of my employer.

Contact your hosting provider for more information.

Y asuntos de traje y corbata. Todos de interés en este campo profesional. Domingo, 10 de abril de 2011. Incidentes para recordar de los últimos dos meses. Llevamos una temporadita fina y elegante en cuanto a hacking e incidentes varios de seguridad informática. Como sé que me perderé si no lo escribo, aquí va esta entrada como una especie de lista de sucesos interesantes a recordar. Y nos enseña, además, que si el navegado.

The stuff you are actually looking for. A remarkably nice guided fuzzing tool. A lovingly-crafted book on web security. A guide for less crazy folk. For semi-frequent updates on security research. A fuzzer with an impressive track record of finding bugs. A popular tool for passively detecting operating systems on remote machines. A web security testing tool is now a cog in the Google Cloud Security Scanner.

A blog focused on the related subjects of software exploitation, penetration testing and computer incident detection and response. Monday, March 16, 2015. 5 of SSL Testing Tool ssltest. Added support for scanning versions 1. Updated cipher list for the newer versions of OpenSSL. The new list is quite a bit bigger than that of the previous version, but specific support depends on your underlying OpenSSL library. Chris Mahns, from whom I. Borrowed the initial codebase and ide.