Five Attributes of an Effective Corporate Red Team
After talking recently with colleagues at IOActive as well as some heads of industry-leading red teams, we wanted to share a list of attributes that we believe are key to any effective Red Team. [ NOTE: For debate about the relevant terminology, we suggest Daniel’s post titled The Difference Between Red, Blue, and Purple Teams. ] To be clear, we think there can be significant variance in how Red Teams are built and…
Completely Unnecessary Statistical Analysis: Phone Directory
Disclaimer: I am not a statistician. A particular style of telephone company directory allows callers to “dial by name” to reach a person, after playing the matching contacts’ names. In the example used here, input must be given as surname + given name with a minimum of three digits using the telephone keypad (e.g. Smith = 764). To cover all possible combinations, you’d calculate 8^3, or 512 combinations. With a directory that allowed repeated searches in the same call, it would take about seven hours of dialing to cover…
IOActive’s IOAsis at RSA 2012
This is not a technical post as usual. This is an invitation for an important event if you are going to RSA 2012 and want to escape the chaos and experience the luxury at IOAsis while enjoying great technical talks and meeting with industry experts. If you want to feel like a VIP and have great time then don’t miss this opportunity! We have scheduled some really interesting talks such as: Firmware analysis of Industrial Devices with IOActive researcher Ruben Santamarta Mobile Security in the Enterprise with IOActive VP, David Baker…
Estimating Password and Token Entropy (Randomness) in Web Applications
Entropy “In information theory, entropy is a measure of the uncertainty associated with a random variable. In this context, the term usually refers to the Shannon entropy, which quantifies the expected value of the information contained in a message, usually in units such as bits. In this context, a ‘message’ means a specific realization of the random variable.” [1] 1. http://en.wikipedia.org/wiki/Entropy_%28information_theory%29 I find myself analyzing password and token entropy quite frequently and I’ve come to rely upon Wolfram Alpha and Burp Suite Pro to get my estimates for these values. It’s…