The LASCON Badge Game was back in 2018 and the feedback I received was that it was the best one so far. It started out with the following QR code on the back of the badge: Following that QR code took you to the URL https://pastebin.com/J61kDSe2. Viewing that URL gives you the following: V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSF= V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSE= […]
For those who don’t know, every year I put together a game that starts on the back of the LASCON badge. It’s typically some combination of crypto challenges alongside application security vulnerabilities with the goal of having it take somewhere around 1-3 hours, depending on experience, to complete. Those who complete the game are rewarded […]
The BSides Austin 2016 Mini-CTF began with the back of the badge. There was a large QR code which took a very long time for me to scan with my phone, and when I finally got it, it was just the numbers “07263584”. Not very useful. Below that, however, there was a string of letters and […]
With an estimated Powerball Jackpot of $1.5B, everybody is talking about it right now. I’ve got my tickets, but with a prize that big, I’m having an easier time listing the things that I can’t buy with the money, rather than what I can. That said, I keep coming back to a concept that statisticians […]
I have been an active member of the OWASP community in some form since 2007. I’ve been the OWASP Austin Chapter Leader, served as the Chair of the Global Chapters Committee, and, most recently, was elected (and re-elected) to the OWASP Board of Directors. In the past, I have heard a number of people in […]
Even though the Drobo is supposed to be a pretty rock-solid tool for backing up your files, there are still plenty of reasons why one would want to keep a copy of those files elsewhere just in case. For example, what would happen if there is a fire and your Drobo is damaged. Are you […]
As an Information Security Program Owner, I get a barrage of e-mails and phone calls multiple times a day from vendors looking to sell us their latest hotness security product. Between the e-mails, phone calls, expo floor at BlackHat this year, and several talks that I’ve seen at past conferences, I have noticed a disturbing […]
When I first put my name in the hat for the OWASP elections in the fall of 2013, I thought I knew what I was signing up for. I thought that my seven year history with the organization in a number of different roles (Chapter Leader, Chapter Committee Chair, AppSecUSA Chair) had me well prepared […]
I absolutely love my job and one of the coolest things about what I do is getting to do proof-of-concepts with bleeding edge technology. I feel very privileged that many companies out there respect me enough to provide me with these opportunities and I feel that engaging on this level enables me to be a […]
I’ve been following Palo Alto as a networking company for a couple of years now. Their claim is that the days of the port-based firewall are dead and that their application-centric approach is a far better way to enforce your access controls. Take the HTTP protocol for example. HTTP typically runs as a service on […]
