Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!


Just when you thought this blog was bad enough, you can now hear me complain and debate security with people much smarter than me on the following podcasts:


Special thanks to the Security Justice crew for inviting me onto their 1st ever “International BBQ Edition” podcast back in September.

Special guests were myself and Robin “digininja” Wood.

Audio can be downloaded from the Security Justice website, or found in their iTunes feed.



Summer 2009 (07/07/2009) – “Abusing Metadata”

This was an article I wrote some time back on the ways to view metadata and use it in targeted attacks. This isn’t the most technical article due to limitations on space and the target audience (covering a range of highly technical and also not so technical readers is always tricky), but I hope it covers the key points.

More information on this issue can be found on the 2600 website.


04/2010 “Special Report: Shmoocon”

I managed to not only survive the Snowpocalypse in Washington, but I also managed to write up some of the great presentations. Talk about multi-tasking 😉

05/2009 “Special Report: BruCON”

A review of the first ever BruCON conference in Brussels. For a first-time conference, there’s nothing that comes even close.

04/2009 “Special Report: Blackhat Europe Roundup”

This article contains some of the key points from the Blackhat Europe event in Amsterdam.

03/2009 “User Enumeration with Burp Suite”

In this article I discuss enumeration of users using Burp Suite as an attack tool. This simple example shows that user feedback can be used to attack an application and retrieve information that should not be possible to obtain.

UPDATE: Due to changes in the structure of the blog (apologies for the issues), the hakin9_burp.html referenced in the article is no longer accessible directly. The discussed php files (login/login2) and userlist can be downloaded HERE.

UPDATE: This article is now available on the hakin9 website for download and will be reprinted in the German (DE) version of hakin9 in the Nov/Dec 2009 issue.

01/2009 “Training: The Security Minefield”

This article reviews my experiences over the last few years with security (and security related) training and certification. Coverage of CompTIA Security+, MCSE Security, CEH, ECSA, and the SANS GPEN courses.

UPDATE: This article is now available on the hakin9 website for download.


Hacker Public Radio


Episode 454

I joined Finux and Benny (@Security4All) to chat about the recent BruCON conference in Brussels.

You can find a copy of the interview here.

Episode 445

Frank Breedijk and I joined Finux to chat about the happenings from Hacking at Random 2009 in Vierhouten, NL.

You can find a copy of the interview here.

Episode 420

I was again permitted to grab a microphone and chat to Finux and Frank Breedijk about Blackhat/Defcon 17.

You can find a copy of the interview here.

Episode 315

I was lucky enough to be interviewed by Finux for episode 315 of the HPR Podcast.

You can find a copy of the interview here.



Linux Magazine

Issue 96 (Nov 2008)

“Safety Snort”

This article is a basic step-by-step guide to setting up a Snort sensor using a backend MySQL database. A basic setup of BASE is also discussed, along with the discussion of IDS vs. IPS.

UPDATE: This article was also made available in German through Linux Magazine’s “Admin and Security” special feature released in Germany, Austria and Switzerland.
