Categories

Posts in Misc.

long time no blog - December 08, 2007
Back and RoraScanner - July 28, 2007
Away for a bit - July 13, 2007
Moved Again.. - June 23, 2007
back.. in more than one sense of the word - May 19, 2007
Some cool new tech things I've been playing with - May 03, 2007
One of those Articles... - March 05, 2007
The wonders of modern (open source) technology... - December 07, 2006
Cool netstat and wmic stuff - December 06, 2006
The cats alluded to in by blog title - December 03, 2006
Using Google Code search to find the programming language most likely to drive you mad - October 15, 2006
Cool list of YouTube stuff - October 13, 2006
Google Cheatsheet. - September 28, 2006
Great Dictionary Site - August 23, 2006
Cool Interviews with great programmers - July 24, 2006
Vast quantities of Coolness from VMware - July 13, 2006
List of data breaches - July 07, 2006
Survey results on security.. spend more.. get less - June 13, 2006
Insider Attack Court case - June 08, 2006
Lsit of Cool sites related to Google Maps - February 27, 2006
Blog Worm.... - January 26, 2006
Good Guide for Home user Internet Security - January 19, 2006
Choosing a Wiki - January 10, 2006
Something to do, 'cause all the cool kids are. - January 09, 2006
search for a music player... over? - November 17, 2005
Interesting Survey results... - October 30, 2005
More blogs to keep a track of - October 11, 2005
Coverage of the "Tsunami Hacker" - October 10, 2005
Just a touch scary... - October 05, 2005
Link to a very interesting writeup on international hacking - September 08, 2005
Anonymity on the 'net - September 08, 2005
Template Worm announcement - September 01, 2005
Loong break from blogging and announcing www.isobelellis.com - August 31, 2005
Interesting Story about DDoS attacks - July 26, 2005
Thought provoking post on terrorism and statistics - July 24, 2005
Declining E-commerce? - June 24, 2005
A big breach of security - June 18, 2005
[OT] Geek T-shirts... - June 12, 2005
Real Interesting Post: Microsoft in trouble? - April 18, 2005
Gmail File System - April 10, 2005
publicly available FTP web interface - March 30, 2005
Unintended consequences - March 14, 2005
I'm back! from a looooong break - March 13, 2005
[OT]Firefox Tuning Info - January 04, 2005
[OT] Amarok Rules.... - December 19, 2004
Comment Spamming and Typekey - November 21, 2004
And now I'm back.... - October 20, 2004
Interruptions to blogging..... - July 11, 2004
Slashdot story on Cool DNS tricks... - June 22, 2004
cool.. bootable USB drives - March 27, 2004
Welcome - March 17, 2004

Posts in Useful links

Handy list of online tools - February 20, 2006
Interesting site with many handy looking resources - June 01, 2005
Cool Windows XP Info. site - April 24, 2005
Handy list of Security Whitepapers - April 14, 2005
mailing lists - March 21, 2005
Everything you ever wanted to know about Oracle Security - November 15, 2004
Another of the NSA's security guides - November 07, 2004
Handy guide on SSH pub/priv key usage - November 07, 2004
Useful info on the consequenses of certain security settings - November 05, 2004
Sun Blueprints - Security - November 03, 2004
Interesting article on .NET code Security - November 01, 2004
Useful info on Windows Processes - October 26, 2004
Interesting article on Packet crafting - June 29, 2004
Interesting Linux Forensics site - June 15, 2004
Handy Collection of tips for Linux amongst other things - June 15, 2004
TCP/IP for security analysts redux - June 10, 2004
IP Address GeoLocation Site - June 07, 2004
DTI Security related publications - June 01, 2004
Handy list of Linux Live CD's - May 21, 2004
Microsoft Security Management column - May 19, 2004
Diceware Passphrase Generator - May 12, 2004
Prelude IDS - April 27, 2004
Online Portscan - April 22, 2004
Linux forensics - April 14, 2004
link to article about google hacking - March 31, 2004
Excellent list of PKI links - March 30, 2004
Cool List of general security Links - March 30, 2004
Infosecpedia - March 24, 2004
Listing of Microsoft Hotfixes by Product - March 17, 2004

Posts in Security books

Software security Books - March 18, 2004

Posts in Web security

Tools I use - Burp - January 04, 2010
Scotland on Rails Videos online - May 27, 2009
Scotland on Rails - Web Application Security - March 31, 2009
Thoughts on Secure Data Handling in web applications... - March 25, 2009
XSS in Rails Applications - March 08, 2009
Web 2.0 security it's not going to be pretty - March 05, 2007
Perils of persistent Logins... - January 01, 2007
Finally ! A sensible view on AJAX Security - December 01, 2006
Wapiti - Web App. Scanner - October 08, 2006
People finding new uses for Google's Code search engine - October 05, 2006
Really interesting study on the prevalence of SQL injection - October 05, 2006
XSRF example - September 26, 2006
Static analysis tool for web applications - September 08, 2006
whups sounds like someone forgot to get a Pen.Test done - August 30, 2006
Good post on the dangers of XSS - August 30, 2006
Some Interesting Javascript Attacks - August 05, 2006
Sometimes doing the right thing is wrong - June 21, 2006
Another new web app. security tool to look at - June 13, 2006
Paper on automated web application security testing - May 25, 2006
Web 2.0 - January 20, 2006
Cool overview of XSS attacks - September 05, 2005
The eternal tradeoff... performance annd security - August 31, 2005
Interesting examples of XSS attacsk - April 20, 2005
sql injection resources - April 20, 2005
Here's a service to avoid. - March 20, 2005
Spyware attacks on alternate browsers - March 14, 2005
The web is not a safe place to be these days! - March 14, 2005
Category-based Web content blocking... a bit useless really - December 28, 2004
An object lesson in the importance of maintaining domain names - December 28, 2004
Very nasty vulnerability in IE - December 18, 2004
Interesting opinion piece on Internet Explorer security - November 29, 2004
More info. on iframe and IE security in general... - November 23, 2004
More details on the Bofra Incident - November 21, 2004
Major website with infected links! - November 20, 2004
Very handy tip for Browsing from Windows - November 20, 2004
Online Browser Security Test - April 07, 2004
Out-of-Band communications to combat phishing - April 06, 2004
Example of a spoofed secure site - March 27, 2004
SSL phishing Article - March 21, 2004

Posts in General security

Avoiding controls which are "designed to fail" - June 23, 2008
Are we Secure yet? (Part 1) - May 04, 2008
Security Shorthand problems - April 08, 2008
Some More UK Data Loss - April 07, 2008
Infosec Scotland - March 08, 2008
February OWASP meeting - March 08, 2008
Inagural OWASP Scotland Chapter Meeting - October 21, 2007
Risk Assessed Password Policies - Account Lockout - October 06, 2007
Risk Assessed Password Policies - Password Strength - September 27, 2007
Some great insight on thinking about security - August 22, 2007
SaaS vendor security. - August 16, 2007
Blackhat presentations are up - happy reading - August 15, 2007
Comments and Trackbacks off... - July 10, 2007
Data Tagging requisites.. - June 03, 2007
Comment on comment about comm.... ah you get the picture - June 02, 2007
Data security architecture Redux. - June 02, 2007
Excellent point on culture change - June 01, 2007
Data Centric Security... Yeuch - June 01, 2007
OWASP Conference slides up - May 24, 2007
Windows server 2008 to solve Microsofts last security problem? - May 22, 2007
OWASP Conference Milan - May 19, 2007
Being overly Litigious, good for Security? - April 26, 2007
A Difference between IT and Information Security - April 22, 2007
When Free Software is a bad idea - March 26, 2007
Data Leak Protection... Gah! - March 19, 2007
Security products != Secure products - February 22, 2007
Why Microsofts SDL may not lead to secure Microsoft Products - February 16, 2007
The Final Frontier for Microsoft Security - Complexity - February 05, 2007
Online Security scanners List - February 05, 2007
(Firefox) Extension Security - January 28, 2007
Security Bloggers Network - January 28, 2007
New Free Database scanner... a Windows only Java program! - January 01, 2007
New UK Computer Misuse Act... Yeuch - November 22, 2006
blog.searchinfosec.com - October 27, 2006
searchinfosec.com - October 25, 2006
Information Security Search Engine with Google Coop - October 24, 2006
Lightweight Windows... At last - October 12, 2006
Sitekey vulnerabilities article - August 25, 2006
More data Loss - June 26, 2006
TaoSecurity's take on the latest Jericho moves - March 03, 2006
Good example of one of those counter intuitive security things - February 22, 2006
Link to some more interesting throughts from Marcus Ranum - September 10, 2005
IT Security "Kitemark" from the UK Gov. - September 09, 2005
Another good example of social engineering - March 30, 2005
Good information source for 17799 - March 20, 2005
Bank Attack... - March 17, 2005
Wide open Webcams - January 06, 2005
More on Chip/PIN - January 04, 2005
Ethics and CISSP's - January 04, 2005
Article on the relationship between ITIL and InfoSec - December 24, 2004
Implications of SOX for Security Professionals - December 19, 2004
Chip and PIN... is it as secure as they say...? - December 19, 2004
Sensible comment on Google Desktop Search - November 29, 2004
Interesting Article about loss of customer data - November 07, 2004
Canadian reaction to the Patriot act - October 31, 2004
Microsoft Security Guidance Center - October 30, 2004
InfoSec questionnaire - October 26, 2004
Open source Monitoring framework - October 25, 2004
More on Passwords/passphrases - October 25, 2004
Interesting Blog Entry on passwords v passphrases - October 22, 2004
Now this doesn't sound like a good idea - October 22, 2004
bootable USB OS - October 21, 2004
Post from Bruce Schneier on SIMS and outsourcing - October 21, 2004
A real good example why relying on users is a bad idea - June 26, 2004
Interesting Post on MS & Least privilege - June 26, 2004
Security managers in court?! - June 22, 2004
Cell phone virus - June 19, 2004
More on network switches taking on a security role - June 15, 2004
Article about password alternatives - June 01, 2004
An example of software patents being a bad thing(tm) - June 01, 2004
Threat modelling tool - May 31, 2004
Good password sudy - May 31, 2004
Story on the Cisco code theft - May 19, 2004
Career path to Network Security - May 19, 2004
Good example of Social Engineering - May 17, 2004
US falls for Phishing... - May 12, 2004
Client Security, It's important! - May 09, 2004
Sasser worm Author caught - May 09, 2004
Article or Troll? Securing the 'Net - May 03, 2004
The end of ROSI, one can but hope - April 23, 2004
Encrpyted mail that doesn't interfere with A-V - April 22, 2004
UK companies... some way to go on security - April 14, 2004
Interesting e-mail attack - April 10, 2004
New Internal Network Monitoring Tools - April 06, 2004
ICMP chat - April 04, 2004
Hard Drive Information Leakage - April 02, 2004
Good presentation on Password Strength - March 22, 2004
Analogies in the Security World - March 22, 2004

Posts in Penetration testing

Tools of the trade - USB powered Switches - March 21, 2013
Just the Facts Ma'am - January 20, 2011
Creating a Simple Vulnerability Database - Part 2 - October 25, 2010
Creating a Simple Vulnerability Database - Part 1 - October 20, 2010
Tools I use - Burp - January 04, 2010
Tools I use - Dradis - October 28, 2009
Testing SNMPv3 - August 26, 2009
Defcon 17 - August 09, 2009
Metasploit Resources - May 04, 2009
Rack for Pen Testing - March 31, 2009
Penetration Test Scoping - December 22, 2008
What is Penetration Testing? - December 14, 2008
PCI 6.6 clarification - Am I missing something? - April 24, 2008
The start of an interesting series of blogs - August 22, 2007
Handy Footprinting/research tool - August 05, 2007
More random thoughts on OWASP - July 12, 2007
HP to acquire SPI... Cenzic/Acunetix/... next? - June 19, 2007
List of SQL Injection scanners - May 20, 2007
White-Hats and Hacks - April 14, 2007
CREST launches Ethical hacker Certification - March 23, 2007
Pen Testing A go go - March 15, 2007
Pen Testing Tools aren't always the best solution - February 28, 2007
Security Assessments vs Penetration Tests - January 31, 2007
More on windows cached password recovery - November 29, 2006
SQL Injection tool - October 14, 2006
cool XSS DB - October 10, 2006
Walkthough of an XSS attack - August 14, 2006
Oracle Exploit Code - July 19, 2006
Cool Pen Testing Mind Map - July 07, 2006
New NMAP tool list - June 21, 2006
Article on AJAX security and Pen Testing - June 19, 2006
and yet more tool updates... - June 15, 2006
New hacme sites available - June 15, 2006
Presentation and information on iSeries Pen testing - June 14, 2006
Novel Social Engineering technique - June 08, 2006
More on SecuBat - June 01, 2006
Common Web Attacks - April 28, 2006
cool tool for bypassing Windows lock-down - December 13, 2005
Handy listing of MS Vulns to bulletins - October 27, 2005
Handy Perl Module for Pen Testing - October 26, 2005
Cool article on HP JetDirect Hacking - September 12, 2005
HTML validation in .NET 1.1 - September 07, 2005
Cool List of firefox plugins for pentesters - September 06, 2005
V. Handy new IIS exploit - August 31, 2005
Excellent presentation on Web Application Security Testing Tools - June 27, 2005
Info Systems Security Assessment... - June 22, 2005
cachedump - April 21, 2005
More Pen Test Resources - April 14, 2005
Mac OSX security site - April 08, 2005
unicornscan - fast port scanner... - April 07, 2005
Interesting article on Packet crafting - June 29, 2004
Scanrand info - June 21, 2004
MetaSploit redux - April 27, 2004
Exploits for real... - April 10, 2004
link to article about google hacking - March 31, 2004
Root Cause Analysis in penetration testing - March 23, 2004

Posts in Software security

Scottish Ruby Conference follow-up - 2 - Securing your app. - April 01, 2010
Interesting new site? - February 01, 2008
New Years Resolution - Ask your Software vendors about security - January 09, 2008
What 2008 may bring... - December 08, 2007
Software security and Vulnerability Pimps - January 08, 2007
Analysis of the Vista Security Model - August 02, 2006
Security Review Process - August 02, 2006
Cool List of Fuzzers for Application testing work - March 14, 2006
Overview of security updates in .NET 2.0 - January 29, 2006
Implementing software whitelists - September 28, 2005
Article on Microsofts secure development Lifecycle - September 19, 2005
Online book on Secure Coding - March 15, 2005
Buffer Overflow Tutorial - March 25, 2004

Posts in Tutorials

Illustrated guide to cryptographic hashes - March 14, 2005
Seurity Tutorials at NANOG - March 27, 2004
Buffer Overflow Tutorial - March 25, 2004

Posts in Spam management

Spam appliances better than software? - March 27, 2004

Posts in Flights of fancy

Information Appliance Tap. - March 30, 2004

Posts in Hardware

Windows 8 on the Acer Iconia W500 Tablet - March 25, 2012
Yay for Cool new tech. - November 02, 2007
locking down USB - October 25, 2004
linux palmtop goodness - April 03, 2004
Information Appliance Tap. - March 30, 2004

Posts in Vulnerability management

DNS vulnerability - are there any other mitigations apart from patching? - July 22, 2008
When is a debian user not a debian user? - May 15, 2008
Holy Apples to Oranges Comparison Batman - March 05, 2007
Very nasty solaris telnet bug - February 11, 2007
Cisco code execution Vulnerability - January 25, 2007
Using google to hack for you - November 23, 2006
More on Database vulnerability numbers - November 21, 2006
Database Vulnerability numbers - November 17, 2006
Java Nessus Client - August 05, 2006
Security flaws in OSX - April 24, 2006
New IE 0-day - March 24, 2006
Some good points on Client Security - January 31, 2006
Oracle Security Slowness - January 26, 2006
Vulnerability management article - January 12, 2006
Insight into worm authors motives - August 31, 2005
Today's IE vulnerability ... - August 31, 2005
Demo of Reverse engineering of MS Patches - June 26, 2005
IIS6 secure? - May 08, 2005
Very Nasty Unpatched Windows vuln. - April 23, 2005
Security Forest... now here's interesting - March 31, 2005
security disclosure threatened by lawsuits - March 29, 2005
Windows V Redhat (Linux) Security.... again - March 27, 2005
Know Your Enemy stats.. Linux getting harder to compromise... - December 23, 2004
Review of Vulnerability Assessments Tools - November 09, 2004
Vulnerabilities in Mulitple brownsers - October 20, 2004
Reducing Attack Surface - October 20, 2004
Unpatched IE holes exploited - June 10, 2004
Microsft Security Policy Compliance... - May 19, 2004
Detecting Rogue machines on client subnets - May 06, 2004
Security threats to open/closed source software - May 06, 2004
Spyware in the corporation - April 22, 2004
MS April Security Vulns... how many are there? - April 14, 2004
Vulnerability Management Stats, Apples and Oranges? - March 31, 2004
Open Source Vulnerability Database - March 31, 2004
Complexity of patching at microsoft - March 31, 2004
Paying for Patches?! - March 31, 2004

Posts in Wireless security

Article about the legal rights and wrongs of WiFi - October 31, 2005
Airmagnet Spectrum analyser review - October 05, 2005
Interesting Wireless Security Development - September 05, 2005
Out of date opinions... - September 05, 2005
Mobile phone virii - August 31, 2005
Mobile Phone Tracking - August 05, 2005
Interesting new Bluetooth attack - June 06, 2005
link to an interesting article on L2 WLAN stuff - March 29, 2005
WEP ... toast this time? - December 21, 2004
Wardriving site - June 19, 2004
Interesting site on Wi-Fi news - June 15, 2004
Part II of an article on Wireless Pen Testing - June 15, 2004
Wireless Security raises its head again... and again - June 06, 2004
Cisco... Asleap at the wheel? - April 14, 2004
Default passwords in Cisco Wireless kit - April 10, 2004
Bluesnarfing story - March 31, 2004

Posts in Security learning resources

Oracle Listener Security Guide - April 09, 2007
Free security related e-learning from Microsoft - March 29, 2005
security Journal - November 01, 2004
Security White Paper Site - April 15, 2004

Posts in Security tools

PWDumpX - November 29, 2006
NMAP 4's out! - January 31, 2006
Cross Site Scripting Vulnerability scanner - September 05, 2005
Alternate data streams - April 05, 2005
Portknocking resources - April 15, 2004

Posts in Intrusion detection systems

Prelude IDS - April 27, 2004

Posts in Networking

Change of name for Ethereal - June 13, 2006
ToR - July 24, 2005
Excellent Interview with Marcus Ranum - June 22, 2005
Ping Tunnel - May 15, 2005
Handy tutorial on using SSH to bypass firewalls - March 30, 2005
Novel way of Learning about Cisco Products - May 31, 2004

Posts in Web services

Pontentially handy tool for webservices work - September 08, 2006
Web Services Security - June 15, 2004
List of Web Services - June 07, 2004

Posts in Forensics

The dangers of jumping to conclusions - April 30, 2008
Rootkit hunting - November 02, 2005
Interesting Linux Forensics site - June 15, 2004

Posts in Security policy

Catching out dodgy security policies - December 10, 2008
17799 User Group - August 23, 2005
PCI link and commentary - June 23, 2005
Interesting Article about Security Policies - June 21, 2004

Posts in E-mail security

Appropriate trust on the Internet - September 10, 2007
Insecure encrypted email?! - October 05, 2005
Outsourcing mail security, hmmm... - June 24, 2004

Posts in Phishing

Malware to defeat virtual keyboards - September 19, 2006
2-Factor Auth in banking Attacked - July 11, 2006
noooooooo. - February 22, 2006
couple of Interesting phishing Stories - November 17, 2004
Article looking at some of the defences against phishing - November 02, 2004
Another anti-phishing initiative - June 24, 2004

Posts in Cryptography

Appropriate trust on the Internet - September 10, 2007
Interesting ... and worrying info about a new encrypted rootkit - April 09, 2006
Interesting commentary on md5 collision attacks - March 14, 2005

Posts in Regulatory

IT systems solve your SOx problems... - March 14, 2005
SOx increases fraud Risk?!! - March 14, 2005

Posts in Linux

Yay for Cool new tech. - November 02, 2007
Seriously Cool - Easy IE on linux - September 26, 2006
Linux Keyboard Instruction - June 01, 2005

Posts in Programming

Web Site Design Template Site - September 01, 2005
Perl plugin for Eclipse - June 26, 2005

Posts in Ruby on rails

Scottish Ruby Conference Videos Up. - June 01, 2011
Creating a Simple Vulnerability Database - Part 2 - October 25, 2010
Creating a Simple Vulnerability Database - Part 1 - October 20, 2010
Scottish Ruby Conference follow-up - 2 - Securing your app. - April 01, 2010
Scotland on Rails Videos online - May 27, 2009
Scotland on Rails - Web Application Security - March 31, 2009
XSS in Rails Applications - March 08, 2009
Ruby on Rails Search Engine with Google Coop - October 24, 2006
Handy Ruby Framework for scripting - October 21, 2006
Learn something new... every 30 minutes - September 28, 2006
Dependant Destruction and the problems with Rails books - September 28, 2006
handy validator recipes for rails - September 28, 2006
Fix for XSS problems wih in_place_edit - September 20, 2006
Handy Rake Reference Sheet - September 15, 2006
Quick presentation on REST - September 14, 2006
New Version of Radrails out - September 11, 2006
Rails Resource Listing - September 07, 2006
Nice Forum Based interfact to the rails mailing list - September 02, 2006
Cool one way to deal with the rapidly moving rails - August 31, 2006
One of the problems of using a developing framework - August 31, 2006
CentOS ruby mysql plugin problem - solution - August 30, 2006
solution for in_place_editor problem - August 28, 2006
Migrations Posting - August 27, 2006
fix for in_place_editing problem I had - August 27, 2006
Ruby On Rails - August 27, 2006

Posts in Database security

Database expert: Oracle behind Microsoft on patch management - Network World - March 13, 2008

Posts in Off topic

Why eBook Readers won't succeed for now... - September 06, 2008

Posts in Metasploit

Scottish Ruby Conference & Breaking things with Ruby - March 26, 2010
Some Metasploit and Oracle Notes - Part 1 - May 10, 2009
Tonights Metasploit links - May 07, 2009
More metasploit resources - May 05, 2009
Metasploit Resources - May 04, 2009

Posts in Ruby

Scottish Ruby Conference Videos Up. - June 01, 2011
Just the Facts Ma'am - January 20, 2011

Posts in Introductions

Is This Thing on - January 31, 2016
A Rambling Introduction - March 06, 2014
Welcome to the ScotSTS blog - May 22, 2011

Posts in Ramblings

Finding security - June 08, 2014
Why security is getting worse - March 14, 2014

Posts in Security

House of Cards - April 01, 2014

Posts in Ssl

Want to improve your security? Just turn off SSL! - November 17, 2014
Open Source Responsibility - April 10, 2014

Posts in Open source

Open Source Responsibility - April 10, 2014

Posts in Browsers

Changing Times - The end of Autocomplete='off' - April 17, 2014

Posts in Testing

Changing Times - The end of Autocomplete='off' - April 17, 2014

Posts in Vmware

Setting up a lab with VMWare workstation - May 10, 2014

Posts in Labs

Setting up a lab with VMWare workstation - May 10, 2014

Posts in Authentication

Changing Times - End of SMS Auth? - November 02, 2014

Posts in Burp

Burp Plugin for use with JWT Tokens - June 19, 2016
Burp Passive Scanner Plugins with JRuby - January 15, 2015

Posts in Development

Software Library Repositories and Security - March 01, 2015

Posts in Statistics

Some potential problems extrapolating from data in security - April 17, 2015

Posts in Conferences

So you're giving a conference talk - May 23, 2015

Posts in Docker

Restricting Docker Access With a Reverse Proxy - September 05, 2021
Trying out Cosign - March 21, 2021
Exploring Rootless Docker - December 19, 2020
Container Vulnerability Scanning Fun - June 21, 2020
Comparing Docker and Podman - Basic Operations - February 01, 2020
Container Image Squatting in a Multi-Registry World - September 25, 2019
Docker and Kubernetes Reverse shells - August 09, 2019
Docker Capabilities and no-new-privileges - June 01, 2019
Traefiking in Presentations - March 25, 2019
Docker 18.09 - Making WSL that much easier - November 11, 2018
Using 'Try with PWD' buttons to demonstrate apps - October 21, 2018
WSL and Docker for Windows - March 29, 2018
Network Tools in Non-Root Docker Images - July 23, 2017
Keeping your Docker builds fresh - July 09, 2017
Docker 1.12 - Macvlan - July 23, 2016
A couple of initial thoughts on Docker Swarm mode and 1.12 - June 19, 2016
Presenting from a Docker Container - June 06, 2016
The Dangers of Docker.sock - March 06, 2016
New Docker Compose Features - February 14, 2016
Exploration in Docker Bridging - February 07, 2016
Docker 1.10 Notes - User Namespaces - February 04, 2016
Set-up a Complete Security Test Environment with One Command and Docker Compose - August 15, 2015
Using Docker for Security Testing - July 23, 2015
Some notes on docker - July 05, 2015

Posts in Vulnerabilities

Verizon DBIR Vulnerabilities Redux - May 02, 2016
Verizon DBIR, Vulnerabilities and Cold Fusion - April 30, 2016

Posts in Presentations

Presenting from a Docker Container - June 06, 2016

Posts in Kubernetes

Let's talk about anonymous access to Kubernetes - March 18, 2023
Fun with Caddy - SSRF Testing - January 21, 2023
Fun with SSRF - Turning the Kubernetes API Server into a port scanner - January 02, 2023
Attack of the clones - Stealthy Kubernetes persistence with eathar, tòcan and teisteanas - December 21, 2022
PCI Compliance for Kubernetes in detail - Part 16 - Segmentation - December 20, 2022
PCI Compliance for Kubernetes in detail - Part 15 - Configuration Management - December 18, 2022
PCI Compliance for Kubernetes in detail - Part 14 - Version Management - December 16, 2022
PCI Compliance for Kubernetes in detail - Part 13 - Registry - December 14, 2022
PCI Compliance for Kubernetes in detail - Part 12 - Container Image Building - December 12, 2022
PCI Compliance for Kubernetes in detail - Part 11 - Resource Management - December 10, 2022
PCI Compliance for Kubernetes in detail - Part 10 - Patching - December 03, 2022
PCI Compliance for Kubernetes in detail - Part 9 - Runtime Security - November 27, 2022
PCI Compliance for Kubernetes in detail - Part 8 - Container Monitoring - November 19, 2022
PCI Compliance for Kubernetes in detail - Part 7 - Container Orchestration Tool Auditing - November 12, 2022
PCI Compliance for Kubernetes in detail - Part 6 - Secrets Management - November 06, 2022
PCI Compliance for Kubernetes in detail - Part 5 - PKI - October 29, 2022
PCI Compliance for Kubernetes in detail - Part 4 - Network Security - October 23, 2022
PCI Compliance for Kubernetes in detail - Part 3 - Workload Security - October 15, 2022
PCI Compliance for Kubernetes in detail - Part 2 - Authorization - October 08, 2022
PCI Compliance for Kubernetes in detail - Part 1 - Authentication - October 01, 2022
The Challenges of Assessing Kubernetes clusters for PCI Compliance - September 20, 2022
PCI Guidance for Containers and Container Orchestration Tools - September 10, 2022
Fun with Windows Containers - Popping Calc - September 03, 2022
Auditing RBAC - Redux - August 14, 2022
Fun with Capabilities - July 31, 2022
Let's talk about Kubernetes on the Internet - July 03, 2022
Escaping the Nested Doll with Tailscale - June 11, 2022
Fun with secrets - Where did they go? - February 12, 2022
Fun with unicode - messing with output - November 06, 2021
Fun with CRDs - Overwriting core types - November 01, 2021
A Census of Kubernetes Clusters - June 05, 2021
Getting into a bind with Kubernetes - January 16, 2021
Kubernetes is a router - January 03, 2021
Escalating Away - December 12, 2020
The revenge of system:masters, return of the AKS - November 29, 2020
From Stackoverflow to CVE, with some laughs along the way - October 15, 2019
Accessing Cluster IPs from the Outside - October 03, 2019
Kubernetes Security Lab with Kind and Ansible - September 14, 2019
Making it Rain shells in Kubernetes - August 10, 2019
Certificate Authentication and the Golden Ticket at the heart of Kubernetes - April 16, 2019
The most pointless Kubernetes command ever - April 01, 2019
Kind of Insecure Test Clusters - March 04, 2019
Kubernetes authentication woes and secret user database - September 10, 2018
Auditing Kubernetes Access Control - May 23, 2018
Some notes on Kubernetes Network Policies - March 25, 2018
Kubernetes Attack Surface - etcd - May 01, 2017
Kubernetes Attack Surface - Service Tokens - April 02, 2017
Kubernetes Attack Surface - cAdvisor - October 14, 2016
Kubernetes - From Container to Cluster - October 08, 2016

Posts in Owasp

Some thoughts on the new OWASP Top 10 - A7 - April 14, 2017

Posts in Containers

Fun with Containers - Adding tracking to your images - February 11, 2023
Containers and Low Ports - July 03, 2021
When is a Vulnerability (possibly) not a vulnerability - November 22, 2020
Docker Hub - Watch out for old images - August 12, 2018
Docker containers without Docker - August 05, 2018
Exploring Kata Containers - July 23, 2018
Exploring gVisor - July 22, 2018
Exploring Public Kuberetes Certificates - July 19, 2018
Container Testing - A small tools container with SSH - April 15, 2017

Posts in Capabilities

Linux Capabilities and when to drop all - August 27, 2017

Posts in Github

Shells in Github Actions - August 25, 2019

Posts in Podman

More Podman - Rootfull containers, Networking and processes - February 23, 2020

Posts in Wsl2

Custom Pentest Distributions using WSL2 - May 31, 2020

Posts in Arm

Project Volterra - ARM Desktop - October 30, 2022