Archive for September, 2013

The Infosec Revival – DerbyCon 2013

DerbyCon this year was awesome as usual. I presented “The Infosec Revival: Why owning a typical network is so easy, and how to build a secure one.” The video is here on Youtube: Or you can check out the slides here: The RDP video is here: And the VM isolation video is here: I should […]

, , , ,

2 Comments

Remote Desktop and Die – How to RDP Faster Without Getting Robbed

Unless you have not patched your domain controller in the past five years, chances are, if an intruder gets domain admin or enterprise admin level access, they probably did it through credential theft. One of the biggest recurring themes of countless intrusion and pentest reports is that to accomplish lateral movement and privilege escalation to […]

, , , , , , , , ,

4 Comments

Secure random password generation

Ideally you never use a password, but sometimes, you have to anyway. One very common scenario is in signing up for a web application. Such passwords can be stored on the server, hashed with a fast algorithm such as MD5, and over which you have no control. You do not want your password to be […]

1 Comment