Preamble

First of all please allow me to apologize for my lack of updating to the blog. I have been super busy, what with work/university/small project I haven’t had time to think about anything else.

The aim of this post is to try and hopefully let you know what I have been up to, what I am getting up to soon and plans for the future up until September. After this blog post, I will aim to try and get a more technical one released by Friday at the latest.

RandomStorm

Back on the 23rd of February I post this blog post http://tmacuk.co.uk/?p=204. I started work on the 1st of March and have been super busy with work. It has been a great first month, I have really enjoyed myself. The company is amazing always there to give you a hand when you need it and the employees are just as great. So thanks guys for a great first month, and I am looking forward to next month, after my exams, when I can begin to work full time over the the summer.

University

So recently University has got a whole lot harder. I have an assignment due in on Wednesday for Networking Technology. An assignment that we have to compare the results of a wired and wireless network both simulated and real life. The problem isn’t comparing the results, or even creating these networks, the problem is the simulation package. The university have apprently spent 100k on a piece of software name ITGURU. ITGURU is shit. Well actually let me rephrase that, ITGURU is good, if we were told how to use it. I feel at the moment we have just been chucked the software and told there you go make me something at the end of the month. It isn’t just me the class are feeling the strain, the problem is that we cannot ask for an extension because it is the end of term!

I also have another two assignments due in for the end of April. Which seems stupid as we break up for easter on Thursday. Come back for a week at the end of April, and then that is it, unless we have exams. ONE WEEK where I have to go into University, where instead I could be earning myself some money for the places I am planning on going, which I will talk about next.

Traveling/Conferences

• So starting from this month up until September it looks like I will getting over my fear of flying. I am planning on going to a few local meetings and then starting to branch out starting from the 16th of April.

• Tomorrow I will be attending SuperMonday’s http://www.supermondays.org – Here John Lunn from paypal will be coming to talk about mobile payments. John has worked within fraud systems for over 15 years and I hope to be learning some things about the security paypal incorporate into their mobile payment systems.

• I will be spending a week with my girlfriend in the peak district (where she lives) from the 1st April.

• On April 8th I will be heading to Dundee to go and speak at a LUG and possibly at the University, but that is still being decided. More information further down.

• On the 16th of April I will be flying out to Dublin, Ireland. I am going the LiveCD training there.

“This CD collects some of the best open source security projects in a single environment. Web developers, testers and security professionals can
boot from this Live CD and have access to a full security testing suite. This presentation aims to provide a showcase for the great OWASP tools and documentation materials available in the CD, tips and tricks, and also some introductory stuff regarding code review and penetration testing. Training is aimed at introductory /intermediate level in terms of pen testing, code review and tools. “

• On April 21st I will be attending NEBytes http://www.nebytes.net/ for a presentation on Office 2010 and SQL injection attacks and defense.

• I may be heading off to London on the 28th/29th of April for the last day of InfoSec http://www.infosec.co.uk/, that all really depends if work say it is worth me going.

• Hopefully sometime in between this and the next con I will be going away somewhere Spanish with my girlfriend.

• On the 3rd of September I am going to Ireland again, this time for a couple of days to attend Ireland AppSec – http://www.owasp.org/index.php/Ireland

• Then the best one BRUCON!!!! http://2010.brucon.org – I AM SO EXCITED! 24-25th of September.

Projects

So recently I have been spending a lot more time on DVWA, reasons to follow below. I today in fact found a small bug in one of the vulnerabilities and fixed that and that will be released in the net version. I have also, with the help of Robin Wood, written a sign up script for DVWA which Ryan and myself are talking about if that could be included as a vulnerability.

I have been working a lot on tracsec recently, yesterday being a great interview with JanisSharp – Gary Mckinnon’s mother.

Speaking

As mentioned above I will be traveling up to Dundee on the 8th April to go and speak at a LUG. My talk is called Web Application Security using DVWA and contains the following: -

“Web Application Security with DVWA – Thomas MacKenzie

The talk is going to consist of three sections.

The first section is going to be a brief introduction about myself, my background and how I first got into this line of work.

The second section is going to look at DVWA which is an open source web application created by Ryan Dewhurst and has been recently acquired by RandomStorm LTD. DVWA stand for Damn Vulnerable Web Application and was created as an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

The third section is going to look at specific web application vulnerabilities i.e. SQL Injection and Cross Site Scripting, how they work and how they can be prevented. DVWA incorporates a high security level which will be used here to present what security should be in place in that particular environment.”

I maybe giving a similar talk at Abertay Dundee University to the third year students however as said above this is still being decided.

If anyone is interested in hearing the talk, or would like me to do the same talk somewhere drop me an email at tmac<~~@~~>tmacuk.co.uk

Cheers

tmAcUK

p.s. if someone can suggest some where else to travel to for a con etc. that is relatively cheap. let me know.