Archive for the ‘General’ Category

A Change of Direction (Penetration Testing Tutorials)

November 30th, 2012

In case my readers haven’t noticed, I’ve changed the tagline of the blog from “A blog about Information Security, Cryptography, and Privacy” to “A blog about Information Security, Privacy, and Ethical Hacking”. If you don’t see it, try clearing your browser cache.

The reason for this small change in direction is threefold:

  1. When I started this blog a couple of years ago, cryptography was one of my main interests. These days, whilst I still like reading up on advances in cryptography, I don’t find it as interesting as other aspects of information security.
  2. Cryptography itself can be seen as a big part of “Information Security”, so it seemed pointless to effectively include it twice in the tagline.
  3. I’ve worked as a penetration tester for almost 6 months now, so ethical hacking is now something I am focusing on and wanting to write about more.

So I’m going to start a small series of simple but detailed tutorials on various skills required when penetration testing. They will range from basic usage of nmap/nessus/metasploit to the more advanced cracking of stolen hashes and attacking web applications. If people have suggestions for other tutorials, be sure to contact me and I’ll do my best to put one together.

A Bit of Personal News

November 28th, 2012

I will shortly be getting back to more regular blogging on security issues, but I thought I would inform the readers of my blog that recently I was awarded an MSc in Information Security from Royal Holloway, University of London. I was working on it for the past two years, and am happy to announce that I received a “Pass with Distinction”, the highest grade possible.

Last night I was also informed that my MSc Project (on Fuzz testing Web Applications) received a SearchSecurity.co.UK award for being of “outstanding quality”.

That’s all the personal news for now. I’ve been very busy at work over the past two months, so I have had less time to do personal projects like updating this blog. As Christmas nears, I’ll have more time for these sorts of things. For now, thanks for reading!

New Job

June 15th, 2012

I’ve been pretty absent from both blogging and tweeting recently as I left my job as a Security Researcher to do penetration testing for Convergent Network Solutions. This involved moving from Reading to London, which was great since I’ve always wanted to live there. Other than starting what I hope will be a long career as a Penetration Tester, I’ve also been working on my MSc, where I am developing a web application fuzz tester.

Of course, there are already a lot of fuzz testers out there, especially for web apps, so mine will be “special” in a number of ways. Firstly, it will be a command-line tool so that users can run it from machines without a display manager (always useful). Secondly, it will use an XML-based “scripting” language that I have developed, which will allow people not familiar with programming (QA teams for instance) to easily write tests in a structured way that they can understand. Finally, it will support multiple fuzzing methods including a simple list of values, incrementing numbers, and completely random data.

I hope to open source it at the end of development, and of course I’ll make any such announcements on this blog.

Infosecurity Europe 2012

April 26th, 2012

Yesterday I attended Infosecurity Europe 2012 and had a brilliant time. This was my first time going, but it will hopefully be the first of many. During the day I saw quite a few exhibits, talked with (and grilled) a few people about security, and of course grabbed as many freebies as possible.

The highlight of the day for me was meeting Bruce Schneier and getting a signed copy of his new book Liars & Outliers, which I look forward to reading and possibly reviewing on this blog.

I also met up with a couple of people from WhiteHat Security to talk about their business and what new things they were doing in the industry. They were very interested in my blog, and hopefully in the future we may share content, as they are looking to include guest writers on their own blog (which I highly recommend).

Infosecurity Europe is definitely a great place to go if you want to meet up with interesting people and stay on top of advancements in the industry, so be sure to mark it in your diaries for next year!

Blog Updates

April 13th, 2012

These are just a few quick updates to explain what I am doing with the blog.

Firstly, regular readers may notice that I have a new blog banner image, which was kindly designed for me by a friend who wishes to remain anonymous for now. I think it looks a lot better than the old styled header, and it makes the template I’m using a bit more unique.

Secondly, I’m going to change the format of the blog somewhat. Until now, I’ve mostly focused on long detailed articles, from explaining security concepts, to creating lists of recommended browser add-ons, to even attempting to refute academics and professionals. The problem is that these articles take a lot of time to research and write, and my free time for doing them is limited by both my work and my university studies.

On the other hand, I subscribe to a lot of security feeds and mailing lists, and will occasionally tweet about various things that I come across. So I’ve decided to adapt this habit, and instead of just tweeting about something, I will give it a short write-up on this blog. Sometimes I may just put a link and a short comment, other times I may write a couple of paragraphs. Whatever I do, you’ll still get to read some good content that you may have missed elsewhere on the web. I tried a similar thing back in January and February with “Cryptogasm Quickies”, but instead of doing a single post with multiple items, you’ll get a post per item.

This isn’t to say that I will never write in-depth articles again; on the contrary, I have a few that I am working on, but instead of the blog feeling inactive for days (and sometimes weeks) on end whilst I work on them, I will provide small amounts of content to keep you all up to date with various pieces of security news and views.

Thirdly and finally (and nothing to do with the blog), I am attending the Infosecurity Europe 2012 convention on Wednesday 25th April. If anyone else is going, let me know via Twitter and perhaps we can meet up for a drink.