Source Code Analysis For Pentesters

Source code….yuck!

I’m a pentester not a programmer. I wouldn’t even know where to start for a source code audit”.

I know, I know, I know…believe me I know. I was there at one point as well. I’m doing a 1 day live online class for a pentesting firm on January 29th from 9am EST to 4pm […]

By |Uncategorized|0 Comments

Burp Suite Weekend Bootcamp

Burp Suite is one of the most popular web application security testing testing tools. It has a ton of features and can do everything from intercepting and modifying HTTP requests/responses in real time, to scanning web applications for vulnerabilities, to brute forcing login forms, to testing the entropy of session tokens, and it even allows […]

Hackers For Veterans!!!

Today is Veteran’s day and I just wanted to thank all of the wonderful people that have or do serve in the Armed Forces. Regardless of how you may feel about US foreign policy, defense spending, fighting in the Middle East or any area of the world for that matter today is about not about […]

Real World Pentesting: It’s Time To Up Your Game

The focus of this class is “taking your game to the next level”. This is a PURE NETWORK ATTACK class. Students will connect via a VPN to a target network that is designed to emulate an enterprise high security environment like a department of defense or bank network. Students will learn and be tasked with […]

Attacking Dell Foglight Server

I was just talking to someone a little while ago about how rarely I run into Postgres on pentests.  I have however run a postgres based product called Foglight. Ok, so what is a Dell Foglight box? A while back I was on a pentest and ran into one of these.


Let’s see…”Dell’s application performance monitoring […]

By |Uncategorized|0 Comments

Pentester Command-line Immersion

You aren’t going to want to miss this one! This week long bootcamp is going to cover a ton of material. If you are someone that wants to “UP YOUR TECHNICAL” skills – this is the program for you. The workshop covers Linux, shell scripting, Python, Powershell, and Ruby. Each is covered in the context […]

By |Uncategorized|0 Comments

Using APT tactics and techniques in your pentests

I have a student that has been asking me about internal network penetration testing so I figured I’d write a blog post about it. I was trying to explain to him that there is so much more to it then just popping boxes. Breaking in a machine is easy, the moving around a network and […]

By |Uncategorized|0 Comments

Bypassing Restricted Environments

I just got an email from an old student that is doing a pentest and he asked me about pentesting restricted environments like locked down desktops, citrix, kiosks, etc. I figured I’d put together a blog post on the subject and if people like it I’ll do some more blog posts that go deeper into […]

By |Uncategorized|2 Comments

Hands-On IT Security in Maryland

Are you ready for the ultimate hands-on security course? 3 days of the real deal. No death by PowerPoint, no endless pontificating about how an attack theoretically works.


This 3-day workshop (3 Saturdays – Oct 10th, 17th, 24th) from 9am – 4pm EST will cover advanced hacking with Metasploit on the first day, advanced web hacking […]

Web Scanner Pro is finally here….

I’ve been working on a project for a while now and I can finally tell you about it.

The problem

Small and medium sized businesses often do not have the knowledge to properly secure the applications they deploy in their environments, and usually cannot afford the enterprise security software products that could help them. This is the […]

By |Uncategorized|0 Comments