Rick Sanchez explains command injection

The brilliant Rick and Morty returned this weekend, and the third season premiere unexpectedly showcased just how devastating a successful command injection attack can be. Held prisoner in a simulation of his own memories, sometimes-great, always-mad scientist Rick Sanchez is forced to relive the moment he created his portal gun so his alien captors can […]

Finishing line: I’ve passed my GCIH exam!

The SANS Cyber Retraining Academy concludes this week, but before graduation there was time for students to take one last GIAC examination to assess our incident handling skills. I’d already passed the GIAC Security Essentials (GSEC) exam with 94 per cent a few weeks ago, but I was more nervous going into the GIAC Certified […]

Automating a brute force web attack

This week was all about hacking at the SANS Cyber Retraining Academy, as students attempted to take control of a drone before embarking on a two-day Netwars capture the flag marathon. The challenges spanned a huge range of skills – we found ourselves doing everything from setting up backdoors and stealing WordPress credentials to delivering […]

How I became a Linux person

I used to swear by macOS, but in recent years I found performance dropping and frustration growing. Luckily, my eyes were opened to what a great alternative Linux has become. Since 2009, I’ve been a pretty consistent user of macOS – or OS X, as it was called until recently. Windows was the ugly, unsecure […]

Flaws are more troubling than surveillance

We shouldn’t be surprised that organisations like the CIA are using technology to monitor people of interest to them, but the weaknesses they knowingly leave behind are a big concern. This week, along with other students at the SANS Cyber Retraining Academy, I completed two capture the flag challenges. I worked as part of a […]

Hacking a flawed PC’s easier than you think

I used the Metasploit Framework to take control of a virtual machine for the first time this week. If I can do that after just six weeks of training (albeit with a little help), I hate to imagine what an experienced hacking expert is capable of doing to an improperly secured computer… A couple of […]