
Tony Karre

OSCP, CEH, CSM, CSPO

Blogs from this Author

Phishing Attacks – How Your Old Passwords Can Come Back To Bite You

As a security professional, I spend a considerable amount of time building awareness around good password hygiene, and I am starting to see forward progress in efforts like moving users away from short passwords to longer passphrases.  But even as we are moving towards better password selection, most people don’t know that their old passwords […]

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Imagine that you work on different engagements or projects in which Kali Linux is one of your primary tools.  Furthermore, maybe you also have the need to keep the data for each of those projects isolated from the others – in other words, you need to avoid cross-contamination between your projects.  In this article I […]


How To Use The AWS API With S3 Buckets In Your Pen Test

Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure.  In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests.  I’ll also show you how to […]

How Microsoft Word “Protected View” Stops Information Leaks

Microsoft Word has long offered support for loading images and templates over the network.  This is a great feature within corporate environments because it facilitates the reuse of assets like logos and corporate document templates.  Unfortunately, these features can be abused by bad actors to obtain operational intelligence on individuals, or even to steal credentials.  […]

How To Connect Your Android Phone To Your AWS-Based VPN Server

In my previous post, How to Set Up Your Own VPN Server Using Amazon Web Services, we set up and configured an OpenVPN server using Amazon Web Services, and then we configured Windows and Linux machines to use the new VPN server.  In this post, I’ll show you how to set up your Android phone to […]

How to Set Up Your Own VPN Server Using Amazon Web Services

A Virtual Private Network, or VPN, allows you to securely connect your computer to another computer network through the internet.  A VPN Server is the computer or network device that runs the VPN, and normally your computer will connect to a VPN Server to “get on the VPN”.  In this post I will show you […]

Building Your Own Personal Business Continuity Plan

Just like any small business, the operation of your own household depends on reliable processes and access to technology.  What would happen if your household suddenly lost access to critical services like bill pay, banking or investment websites, or maybe you lost your phone or laptop, or perhaps even lost you?  Just like that small business, […]

Panel Discussions: Do This, Not That

About a month ago I attended a local infosec panel discussion (Detect and Defend, hosted by the St. Louis Business Journal).  I’ve seen a lot of panel discussions, and I’ve even been a panelist from time to time, but none of those events was as engaging as this one.  All of the panelists seemed […]

Jump-Start Your Secure Coding Program With OWASP ASVS 3.0

The concept of secure coding used to be a little hazy, one of those you’ll-know-it-when-you-see-it concepts.  Patterns for secure coding generally arrived as one-offs, where some vendor would recommend their product/library/framework because it “solved critical security problem X and here’s why…”  Recently, however, the vast number of data breaches reported in the news has dramatically driven […]

4 Security Takeaways From The FBI

As IT consultants, we’re pretty sure that we’re smart enough to recognize phishing attacks against us. We all get emails asking us to open invoices, confirm our bank account information, or perform other actions designed to separate us from our credentials and our money. But according to a consultant specializing in penetration testing, 40% of us will still […]