Tips, Tricks, and Traps When Prepping for a GIAC Certification Exam

As a SANS Subject Matter Expert, I often get asked for tips on how to pass GIAC certification exams. Here are some tips and tricks I have learned.

OWASP & The Top 10

The OWASP Top 10 details critical risks associated with web application security and is the defacto standard for web app security.

Include Command Strings – Penetration Test Reporting Tips

A good pentest report is supposed to be a teaching tool that provides the folks on the receiving end with information that makes it possible for them to do a lot of the same things we did. Here are a few reasons why we want them to do that.

Hire an Editor – Penetration Test Reporting Tips

If you really, honestly, and truly want to take your reports to the next level, hire an editor.

Report As You Go – Penetration Test Reporting Tips

If what you did does not show up in your pentest report, it didn’t happen. So how do you make sure your report captures everything you did? (First in a series of posts.)

Digital Reconnaissance & Recon Tools

The old adage, “knowledge is power,” is true in general, but in infosec, knowledge is mission critical. Luckily, there are a lot of tools to make recon easier.

The Dark Side of Cookies

Browser cookies are files stored on your computer with information to be used by your web browsers. They aren’t evil on their own, but they can be used for evil.

Learn One. Do One. Teach One.

Building your skill set can seem overwhelming, but if you can break things down into smaller pieces that you share with others, over time you can not only learn a lot of cool stuff, but also help others along the way.

BHIS PreShow Banter Marathon Madness

John Strand and a whole bunch of his friends just spent 24 hours straight, talking, joking, telling stories, sharing life experiences, making music, and generally fooling around, all while live and streaming their shenanigans over YouTube.