System Overlord

A blog about security engineering, research, and general hacking.

Preparing for Penetration Testing with Kali Linux

14 Feb 2018 in Security (Reading time: 15 minutes)
The Penetration Testing with Kali Linux (PWK) course is one of the most popular information security courses, culminating in a hands-on exam for the Offensive Security Certified Professional certification. It provides a hands-on learning experience for those looking to get into penetration testing or other areas of offensive security. These are some of the things you might want to know before attempting the PWK class or the OSCP exam.

Read More...

Book Review: Red Team by Micah Zenko

10 Feb 2018 in Security (Reading time: 5 minutes)

Red Team: How to Succeed By Thinking Like the Enemy by Micah Zenko focuses on the role that red teaming plays in a variety of institutions, ranging from the Department of Defense to cybersecurity. It’s an excellent book that describes the thought process behind red teaming, when red teaming is a success and when it can be a failure, and the way a red team can best fit into an organization and provide value. If you’re looking for a book that’s highly technical or focused entirely on information security engineering, this book may disappoint. There’s only a single chapter covering the application of red teaming in the information security space (particularly “vulnerability probes” as Zenko refers to many of the tests), but that doesn’t make the rest of the content any less useful – or interesting – to the Red Team practitioner.

Read More...

Security Is Not an Absolute

05 Feb 2018 in Security (Reading time: 9 minutes)

If there’s one thing I wish people from outside the security industry knew when dealing with information security, it’s that Security is not an absolute. Most of the time, it’s not even quantifiable. Even in the case of particular threat models, it’s often impossible to make statements about the security of a system with certainty.

Read More...

Playing with the Gigastone Media Streamer Plus

28 Jan 2018 in Security (Reading time: 6 minutes)
A few months ago, I was shopping on woot.com and discovered the Gigastone Media Streamer Plus for about $25. I figured this might be something occassionally useful, or at least fun to look at for security vulnerabilities. When it arrived, I didn't get around to it for quite a while, and then when I finally did, I was terribly disappointed in it as a security research target -- it was just too easy.

Read More...

Psychological Issues in the Security Industry

26 Jan 2018 in Security (Reading time: 10 minutes)
I've unfortunately had the experience of dealing with a number of psychological issues (either personally or through personal connections) during my tenure in the security fold. I hope to shed some light on them and encourage others to take them seriously.

Read More...