now browsing by tag


Class: Penetrations and Remediations – Update 2

Ok, final update to the Penetrations and Remediations class from July 18.

I had a bunch of people asking me for the slides to the class, so; without further ado.

Here they are.

If you have any questions regarding our first take on this class, please feel free to contact me at:

UPDATE: Penetrations and Remediations Class

Just wanted to post a quick update. The class has been moved back a week, to July 18.

About the Class:
Location: Denhac 700 Kalamath Street
Date: 7/18
Time: 11am – 4pm

Class: Penetrations and Remediations

Source: Software Freedom School

I will be conducting a class for the Software Freedom School on July 11. The class will take place at Denhac. Here are the details about the class:

Class: Penetrations and Remediations

Date: July 11, 2015, 11AM – 4PM

Location: Denhac, 700 Kalamath St, Denver, CO 80204 [ Google Maps ]

See the post at SFS:

The past two years have been some of the craziest times in computer security. It is now common for major vulnerabilities to have a pretty name attached to them (thanks PR), vulnerabilities have been found in some of our (previously) most trusted protocols (SSL), and huge vulnerabilities are occurring each day.

Mike has been working primarily on the “blue-team” side of things, that is, the defense side. A lot of times we don’t see the same thing that the “red-team” sees when they are attacking our servers, and a lot of the time, we don’t know the real impact that some of the vulnerabilities have on the systems we have been trusted to defend.

Mike is going to provide a blue-teamers view, on red-team attacks, using recent vulnerabilities.  We want the defense, to see the same stuff that the attackers see. Then, we will take steps in securing systems, to be safe, or minimize the effect of attacks that are coming in.

Mike  will provide a DVD with some images of vulnerable machines, and VirtualBox that will allow you to run these vulnerable machines, and play with them, so you can see the effects, first hand.

About the teacher:
Mike Harris is passionate about Security, Free Software, and Educating our community.

He is certified as a CISSP, GCIH, GISP, CCNA-Security, CCNA, RHCT, and RHCSA. Mike has additional technical certifications which include Digital Forensics Examiner, Network Protocol Analyst, Project+, Linux+, and A+. He will soon graduate with a Bachelor of Science in Information Technology – Security.

Mike has built a CSIRT from the ground-up, including a secure infrastructure using Linux systems (Red Hat and Ubuntu). Mike has extensive knowledge as a Technology Security Auditor conducting assessments, measuring vulnerabilities, security posture on internal and external networks, and account activities for insider threats and abuse.

He is one of the founders and a former board member of TinkerMill, a non-profit organization dedicated to furthering the knowledge of our kids, adults, businesses, and municipalities in the use of high tech with the incorporation of creativity and art. He is also a Red Team Member of the Rocky Mountain Regional Collegiate Cyber Defense Competition.


Average company now compromised every four days, with no end to the cybercrime wave in sight

Source: ZDNet

A scary new statistic out about why it is important to maintain security within your organization. Please contact us to help you ensure that your company isn’t being actively attacked, and to secure not only your exterior, but your internal systems as well.

Here is a short quote from the article:

In a rapidly shifting attack landscape against the backdrop of a hackers’ black market worth billions, if you wait to pentest — you lose.

Still, unless required by law, too many companies and organizations only do a penetration test when they have to.

Often, it’s because they need to comply with regulations or they’ve been told they need to prove they’re secure, in which case it’s a checklist security audit by the numbers.

Most unfortunately, too many only do a penetration test after they’ve been scorched: When hackers have successfully gotten in, executed a payload, and made off with valuable IP, records, customer PII, and cost the company more than it probably knows or can calculate.