Security Notes, News, and Thoughts

Chris Gates New School Information Gathering

Chris Gates' presentation from ToorconX has been posted on his blog: . This is a great slide deck. His presentation covers quite a few things, from using Maltego to looking at metadata from published documents to discover user names, user IDs, and file paths. Much of this can be discovered without ever touching your client's or target's website.

Fyodor Speaks on Internet DOS Attack

Fyodor has a great writeup on what's going on with the TCP Resource Exhaustion DoS attack. You can read about it here: . This makes sense based on what has been talked about. This seems to be a problem that has been around for a while, but since it has been confirmed that these packets can't be forged, the attack becomes blockable.


Welcome to the Blog. I'm hopefully going to be getting some of my content up soon, but I wanted to first do a post to talk about what I hope to put here. My current goal for this blog is to act as a source for new and interesting things in the computer security industry, as well as to post some of the projects that I'm working on. Most recently I've been doing research into web vulnerabilities as well as working with the guys over at Midnight Research Labs on playing some Capture the Flag over at SmashTheStack. I've also been working with Don over at and hope to speak at ChicagoCon coming up in October on how to increase the value of your Pen Tests.

Overall, hopefully you guys will see some cool stuff here in the upcoming weeks, so keep tuned.