So, my Defcon talk, ultimately about ending clickjacking by design. TL;DR: The web is actually fantastic, and one of the cool things about it is the ability for mutually distrusting entities to share the same browser, or even the same web page. What’s not so cool is that embedded content has no idea what’s actually […]
Door To Door Deceptive home security sales tactics
It must be summer because security companies that use door to door selling tactics are out in force. We came across the following news story that, unfortunately, seems to be occurring more and more. This kind of deceitful behavior will end up costing yo…
Kali Linux 2.0 Release Day Scheduled
We’ve been awfully quiet lately, which usually means something is brewing below the surface. In the past few months we’ve been working feverishly on our next generation of Kali Linux and we’re really happy with how it’s looking …
Safe Computing In An Unsafe World: Die Zeit Interview
So some of the more fun bugs involve one team saying, “Heh, we don’t need to validate input, we just pass data through to the next layer.” And the next team is like, “Heh, we don’t need to validate input, it’s already clean by the time it reaches us.” The fun comes when you […]
Talking with Stewart Baker
So I went ahead and did a podcast with Stewart Baker, former general counsel for the NSA and actually somebody I have a decent amount of respect for (Google set me up with him during the SOPA debate, he understood everything I had to say, and he really applied some critical pressure publicly and behind the […]
Official Kali Linux Docker Images Released
For the latest information, please see our documentation on Docker
Last week we received an email from a fellow penetration tester, requesting official Kali Linux Docker images that he could use for his work. We bootstrapped a minimal Kali Linux 1.1.0a…
Beware of Door To Door Security System Scams
The nicer weather starts the beginning of “Summer Programs” that many home security companies employ to generate door to door home security systems sales. The Summer Program consists of security companies hiring temporary workers that go door to door a…
Pixiewps, Reaver & Aircrack-ng Wireless Penetration Testing Tool Updates
A short while ago, we packaged and pushed out a few important wireless penetration testing tool updates for aircrack-ng, pixiewps and reaver into Kali’s repository. These new additions and updates are fairly significant, and may even change your …
OpenVAS 8.0 Vulnerability Scanning
Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manu…