HSC has a laser cutter!
Ok, so I’m kind of behind the times in just getting this up, but here are some pictures from the Laser Cutter brought in August by August. Thank you, August, for bringing in the laser cutter!
Hackerspace Charlotte is a great place for people who share an interest in technology and science to meet new people, make contacts, and begin lasting friendships. It is also a great place for people to bring their projects, share their projects and get help with their projects. The projects that people bring to Hackerspace Charlotte [...]
I am proud to say that my talk has been selected for B-Sides Austin TX this year. Check out the Abstract below if you’re interested. Name: David Maloney, @thelightcosine Title: Don’t Pick the lock, steal the key Length: 45 minutes Abstract: You’ve got a problem. You’re running a pentest and the only vulnerable box is some [...]
Some blogger has recently written a somewhat uninformed post on the whole Patrick Webster FSS issue. The author seems to be under some misapprehension about how these sorts of things work, which is concerning for someone who claims to be a Web Application Security person, and is taking the pulpit to preach on the issue. [...]
Disclaimer: The opinions expressed in this blog are my own, and do not reflect the views of anyone but myself. In the latest incident, Patrick Webster of OSI Security is under threat of legal action. This threat comes after he disclosed a vulnerability to First State Superannuation. The vulnerability was a case of Direct Object Reference. By manipulating [...]
Rel1k recently posted his thoughts on DerbyCon, and I thought I would share my own. I have not exactly made a secret of how I felt about DerbyCon. The speaker lineup was simply amazing. There were very few spots where I didn’t have a talk I wanted to see. I unfortunately had to make some [...]
Here is the latest update to the document I have been creating. This is a list of exploits that are in exploit-db but not in Metasploit. This list is generated by referencing the Knowledge Base in QualysGuard. Its accuracy is not guaranteed, but it should serve as a good starting point for anyone interested in porting exploits to Metasploit. Article source: http://cosine-security.blogspot.com/2011/10/update-to-metasploit-exploit-port.html
There has been some controversy over the recent rise in bug bounty programs. One response was issued by Anthony Haywood, CTO of Idappcom. You can find his article here. I read this article in disbelief at some of the ‘points’ espoused in this article. I will avoid the more mundane trollings of the article and try to [...]
New module just committed today: auxiliary/scanner/mssql/mssql_hashdump. This module takes given credentials and a port and attempts to log into one or more MSSQL Servers. Once it has logged in, it will check to make sure it has sysadmin permissions. Assuming it has the needed permissions, it will then grab all of the Database Usernames and Hashes. While [...]