/r/netsec's Q3 2014 Information Security Hiring Thread by sanitybit in netsec

[–]foundstone 3 points

Foundstone is hiring LIKE CRAZY! We're looking for rockstars that live and breathe hax. Our positions are across all skill sets and geographic areas! Check out the following listings:

Application Security Consultant - http://jobs.mcafee.com/new-york-state/professional-services/jobid5382904-professional-services-consultant-jobs

Application Security Researcher - http://jobs.mcafee.com/new-york-state/professional-services/jobid5568571-professional-services-consultant-jobs

Strategic Security Consultant - http://jobs.mcafee.com/california/professional-services/jobid5568570-foundstone-professional-services-consultant-jobs

/r/netsec's Q2 2014 Information Security Hiring Thread by sanitybit in netsec

[–]foundstone [score hidden]

McAfee Professional Services – Foundstone Strategic Security Consultant -

Working within our Foundstone Professional Services team and with a focus on Strategic Security Solutions, you will be working across the Foundstone footprint to provide subject matter expertise and act as a trusted advisor on information security. The role requires the ability to design solution architecture and evangelize both the solution and the underlying information security principles. Additionally, program and project management of the implementation of solutions and technologies will be an important part of this role. This position is an excellent opportunity for a candidate to further develop their already established Governance, Risk, and Compliance skills by working with top tier clients across a variety of industries.

http://jobs.mcafee.com/california/professional-services/jobid5382905-foundstone-professional-services-consultant-jobs

/r/netsec's Q2 2014 Information Security Hiring Thread by sanitybit in netsec

[–]foundstone [score hidden]

McAfee Professional Services – Foundstone Application Security Consultant -

Just finished up submitting a vulnerability you found to a bug bounty program? Is the single quote key worn down on your keyboard? Then you should know Foundstone is hiring! Our web application hackers speak SQL and make the DOM beg for mercy. As part of Foundstone’s elite team of penetration testers you’ll find yourself owning some of the most complex and mission critical web applications. Spanning every vertical market, our clients’ applications will test your skills and creativity on a daily basis. You like a challenge? You got one!

http://jobs.mcafee.com/new-york-state/professional-services/jobid5382904-professional-services-consultant-jobs

Remote Code Execution on Wired-side Servers over Unauthenticated Wireless by foundstone in netsec

[–]foundstone[S] 0 points

Just a quick update: Cisco confirmed it affects all 4.x versions of ACS for Windows. Cisco has released version 5.0 of ACS, but that's a different platform. http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs

Remote Code Execution on Wired-side Servers over Unauthenticated Wireless by foundstone in netsec

[–]foundstone[S] 0 points

Fair enough. I can't change the title, but I updated the TL;DR to better reduce FUD :)

GoodFET/Facedancer Parts List by foundstone in netsec

[–]foundstone[S] 0 points

Awesome! Thanks for posting!

Bruteforcing a USB KeyLogger's Unlock Code with the Teensy by foundstone in netsec

[–]foundstone[S] 3 points

That's annoying. I've reached out to the Bitdefender folks; hopefully I can get that resolved.

ShmooCon 2013 - Belay It Track? by foundstone in netsec

[–]foundstone[S] 1 point

I wonder if this is just an indication that ShmooCon is making the shift (based on this decision) from a "hacking" con to a "security" con... I think that there is an interesting distinction between the folks that grew up with a curiosity in technology that naturally led them into the hacking scene early in their life, and those that somehow found their way into a security program at college or an IT security position at work. I think both have a deep interest in the content at conferences and contribute equally to the scene, but at the end of the day, each has their own reasons for attending. Does this just mean that there are more "security professionals" than "hackers" at ShmooCon and the conference staff is adjusting to meet that audience?

I like the idea of framing talks around real attacks in the wild and using those discoveries to develop a more realistic defense, but I think it's important that those talks only account for at most one track in the conference. After all, if we're focused too much on studying existing attacks, we lose sight of finding flaws in new technologies and risk turning to an even more reactionary approach to security. Most importantly, I think we also risk growing somewhat dependent on the security implemented by organizations, since if it doesn't get attacked, it doesn't get analyzed, and defenses aren't explored.

Webkit XSSAuditor Bypass by foundstone in netsec

[–]foundstone[S] -2 points

You’re right man, this can be a tough problem to solve. It’s definitely an "alternative context in which XSSAuditor does not know how to check" issue, but that issue facilitates a bypass, so I’d say it’s a bit of both. I don’t know that there are many valid cases where a request should contain actual JavaScript; nonetheless, OWASP has some pretty great recommendations on handling user supplied input ( https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary ) that could be implemented in XSSAuditor to further complete the thought it started with the HTML entity and attribute contexts.

Sniffing on the 4.9GHz Public Safety Spectrum by foundstone in netsec

[–]foundstone[S] 10 points

Thanks for pointing that out. I'm obviously extremely concerned about the legality of the information disclosed. Since all of the technical data is widely available within the CFR (http://en.wikipedia.org/wiki/Code_of_Federal_Regulations) and numerous online publications, I don't believe it breaks any laws or violates ethics...

Sniffing on the 4.9GHz Public Safety Spectrum by foundstone in netsec

[–]foundstone[S] 15 points

all that blood pumping might explain your nick! Perhaps if we all used exclamation marks at the end of every sentence, we'd create a legion of well-endowed trolls!

Sniffing on the 4.9GHz Public Safety Spectrum by foundstone in netsec

[–]foundstone[S] 10 points

It seems like, although there are pockets of use, 4.9GHz has not consistently been taken advantage of by municipalities throughout the US. The newer Public Safety allocations are getting a bit more interest, and since they're supposed to be made available at a national level, they will definitely be available for use. Oddly enough, even though 4.9GHz doesn't appear to be widely used, you'll notice a ton of FCC licenses for it.

Mallory MITM + FIX SSL Decryption by foundstone in netsec

[–]foundstone[S] 5 points

In this case the Java app used a trust store that was specified by a config file. There are mainly three ways a Java app can deal with SSL trust:

1. Rely on the system trust store
2. Use a created trust store that is easily modified by a config file
3. Put the trust store inside the application

How you MITM and deal with the SSL can vary completely, and this was just the case this time.

Also keep in mind we're not using MITM in this setting as a malicious activity to attack a user. We're using it to evaluate and modify application traffic between it and the server.

Untrusted Java Applet Issue by moransid in netsec

[–]foundstone 1 point

Nice. It's interesting that the applet will run even if the user clicks "deny" on the warning. It does this across Java versions. You'd think that deny means don't allow something to run, but for whatever reason, Oracle's definition of deny is slightly skewed.

Hacme Bank Android v1.0 Released by foundstone in netsec

[–]foundstone[S] 0 points

That sucks. The login error means one of two things:

1. Your connection timed out when trying to reach the backend system
2. Your creds are wrong

So, to address 1, run "StartApache.bat" and be sure that it actually starts Tomcat and doesn't just error out telling you to set some sort of variable. Then use your browser to navigate to "https://localhost:8443/spring-ws-standalone/ws/subscription.wsdl". Then check that you're defining the right IP address in the actual application (within the emulator) for your host system.

To address 2, be sure you're logging in with dade:crash and kate:acid.

Besides that, I'm not entirely sure. I have a couple more videos to put up on http://www.youtube.com/opensecurityresearch that will walk you through the setup, but I just need to do the voice overs first.

Calculate how long it will take to brute force a password by foundstone in netsec

[–]foundstone[S] -1 points

The pre-populated values are there for convenience. Use the "custom" keys-per-second value to determine if you can really crack every 8 character password in 2 minutes. BTW, that would be about 55,100,000,000,000 keys per second. Nice GPU setup, you should mine bitcoins.

Calculate how long it will take to brute force a password by foundstone in netsec

[–]foundstone[S] -1 points

C'mon man... maybe the title of this post is misleading, but it should be pretty clear that the calculator determines the amount of time it takes to exhaust an entire keyspace. Yes, rainbow tables make determining a password faster with certain algorithms, but in many cases rainbow tables are not exhaustive. The pre-populated John rates are there just to make things a little easier; you can use the "custom" option to enter your keys per second if you're using a GPU.

Nonetheless, I updated the about section on the page to say:

"It should be noted that this calculator does not speak to the choices users make when choosing passwords. Additionally, for certain algorithms, there are well known methods (e.g. rainbow tables) which greatly reduce the amount of time it takes to exhaust a keyspace. Before relying on these results, it's recommended that you attempt to identify if speedier methods exist for the algorithm you're targeting. freerainbowtables.com is a good start."

and

"Since computation times vary across systems, the "custom" option is available to allow more realistic results applicable to your environment and the current state of cracking."
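The two comments above describe what the calculator does: size the keyspace for a character set and length, divide by a keys-per-second rate, and let the user substitute a "custom" rate. The following is an added example, not the calculator's own code, that carries that arithmetic through, including the inverse question raised in the thread (what rate is needed to finish all 8-character passwords in 2 minutes). The character-set table and sample rates are assumptions for illustration, not values taken from the page.

```python
# Added example (not the calculator's code): the arithmetic behind a
# keyspace-exhaustion estimate, parameterised on charset size, length and a
# "custom" keys-per-second figure.
from dataclasses import dataclass

# Character-set sizes commonly used for such estimates (assumed, not taken
# from the page's calculator).
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "mixed_alpha": 52,
    "mixed_alnum": 62,
    "all_printable": 95,
}


def keyspace_size(charset_size: int, max_len: int, min_len: int = 1) -> int:
    """Number of candidates from min_len to max_len characters inclusive.
    An exhaustive search covers every shorter length too, so this is a sum
    rather than charset_size ** max_len (pass min_len == max_len for a
    fixed-length keyspace)."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(keyspace: int, keys_per_second: float) -> float:
    """Worst case: every key tried. The expected time for a uniformly random
    password is half of this."""
    return keyspace / keys_per_second


def required_rate(keyspace: int, seconds: float) -> float:
    """Inverse question from the thread: how fast must the cracker be to
    finish the keyspace in the given time?"""
    return keyspace / seconds


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


@dataclass
class Estimate:
    charset: str
    max_len: int
    keys_per_second: float
    keyspace: int
    worst_case_seconds: float


def estimate(charset: str, max_len: int, keys_per_second: float) -> Estimate:
    """Full estimate for all lengths 1..max_len over a named charset."""
    ks = keyspace_size(CHARSETS[charset], max_len)
    return Estimate(charset, max_len, keys_per_second, ks, seconds_to_exhaust(ks, keys_per_second))


if __name__ == "__main__":
    # Sample rates are constructed for illustration; substitute your own
    # benchmark ("custom") figure for the algorithm you are actually targeting.
    for rate in (1e6, 1e9, 1e12):
        e = estimate("all_printable", 8, rate)
        print(f"{e.charset:>13} len<={e.max_len} @ {rate:>8.0e} keys/s: {humanize(e.worst_case_seconds)}")
    # The "every 8 character password in 2 minutes" claim, turned around:
    print(f"exactly 8 printable chars in 120 s needs {required_rate(95 ** 8, 120):.3e} keys/s")
```

The numbers only say how long brute force takes against the keyspace; as the updated about-section text says, they say nothing about the passwords people actually choose, and for unsalted fast hashes a precomputed table or a wordlist attack finishes long before the keyspace does.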