logical

Flash….Thunder!

So another year has passed and what an active year it was, chock-full of security events, breaches, and account […]

physical

Gotta Vish ‘Em All: Managing a Large Vishing Engagement

I was recently tasked with managing a rather large vishing campaign targeting a major financial institution. Normally when we get […]

research

A Beginner’s Guide to the CVE process

Before I got into the security field full time, I made it my goal to someday discover a previously unpublished […]

development

King Phisher Release 1.6

We are happy to announce the long-awaited release of version 1.6. The development of version 1.6 is massive compared to […]

defense

Flash….Thunder!

So another year has passed and what an active year it was, chock-full of security events, breaches, and account […]

Defending Web Apps: WAFs versus RASPs

Edsger Dijkstra once famously stated, “Testing shows the presence, not the absence of bugs.” Accordingly, even well-tested web applications written by […]

Encryption Basics: HMAC

We have covered a method for key exchange, and we have covered a way to implement public key encryption and […]

recreation

Target Locked: Game Accounts

Millions of people play video games in some way, shape, or form, from Call of Duty to World of Warcraft […]

CTF Example – Coding

You sit there in front of your desk after getting hired into a security position, and quickly realize that […]

CTF Example – Wireless Security

Each of SecureState’s previous Capture the Flag events has included a challenge in which participants were tasked with tracking down […]