Hackerspace Charlotte

Hackerspace Charlotte is a great place for people who share an interest in technology and science to meet new people, make contacts, and begin lasting friendships. It is also a great place for people to bring their projects, share their projects and get help with their projects. The projects that people bring to Hackerspace Charlotte [...]

I am proud to say that my talk has been selected for B-Sides Austin TX this year.  Check out the Abstract below if you’re interested. Name: David Maloney, @thelightcosineTitle: Don’t Pick the lock, steal the key Length: 45 minutes Abstract: You’ve got a problem. You’re running a pentest and the only vulnerable box is some [...]

Some blogger, has recently written a somewhat uninformed post on the whole Patrick Webster FSS issue. The author seems to be under some misapprehension about how these sorts of things work. Which is cocnerning for someone who claim to be a Web Application Security person, and is taking the pulpit to preach on the issue. [...]

Disclaimer: The opinions expressed in this blog are my own, and do not reflect the views of anyone but myself. In the latest incident, Patrick Webster of OSI Security, is under threat of legal action. This threat comes after he disclosed a vulnerability to First State Superannuation . The vulnerability was a case of direct Object Reference. By manipulating [...]

Rel1k recently posted his thoughts on how DerbyCon, and I thought I would share my own. I have not exactly made a secret of how I felt about DerbyCon. The speaker lineup was simply amazing. There were very few spots where I didn’t have a talk I wanted to see. I unfortunately had to make some [...]

Here is the latest update to the document I have been creating. This is a list of exploits that are in exploit-db but not in Metasploit. This list is generated by referencing the Knowledge Base in QualysGuard. Its accuracy is not guaranteed, but it should serve as a good starting point for anyone interested in porting exploits to Metasploit. Article source: http://cosine-security.blogspot.com/2011/10/update-to-metasploit-exploit-port.html

There has been some controversy over the recent rise in bug bounty programs. One response was issued by Anthony Haywood, CTO of Idappcom. You can find his article here. I read this article in disbelief at some of the ‘points’ espoused in this article. I will avoid the more mundane trollings  of the article and try to [...]

New module just committed today: auxiliary/scanner/mssql/mssql_hashdump This modules takes given credentials and a port and attempts to log into one or more MSSQL Servers. Once it has logged in it will check to make sure it has sysadmin permissions. Assuming it has the needed permissions it will then grab all of the Database Username and Hashes. While [...]

I have spent some time today getting a new Metasploit Development Environment in place. With a lot of help from DarkOperator and egyp7 I think I have succeeded. Step 1: Installing some Pre-Reqs sudo aptitude install build-essential libssl-dev zlib1g zlib1g-dev subversion openssh-server screen bison flex jam exuberant-ctags libreadline-dev libxml2-dev libxslt-dev libpcap-dev libmysqlclient-dev libpq-dev curl git [...]

Earlier this month I picked up Metasploit: A Penetration Tester’s Guide. I have, on multiple occasions, had the distinct pleasure to talk with two of the authours, Devon Kearns and Dave Kennedy. These two are shining examples of everything that is right with our industry. They are constantly giving back to the community at large [...]