Skip past navigation
On a mobile phone? Check out m.twitter.com!
Skip to navigation
Skip to sign in form

Hey there! cbyrd01 is using Twitter.

Twitter is a free service that lets you keep in touch with people through the exchange of quick, frequent answers to one simple question: What's happening? Join today to start receiving cbyrd01's tweets.

Already using Twitter
from your phone? Click here.

cbyrd01

New blog post: Open Source SIM setup (PreludeIDS+OSSEC+Snort) http://riosec.com/open-source-sim-installation-prelude about 12 hours ago from web
@Beaker In case you didn't know, http://www.cloudsecurityalliance.org/guidance/domains/ is currently returning a 404 Not Found 9:20 AM Dec 17th from Tweetie
@brianljohnson Outlook<->Exchange uses MAPI/RPC. It's going to be difficult even if the client and server are not set to use encryption. 3:11 PM Dec 16th from Tweetie in reply to brianljohnson
@brianljohnson I'd try NetWitness Investigator - I don't know if it supports it, but worth a shot I suppose. 3:10 PM Dec 16th from Tweetie in reply to brianljohnson
RT @hdmoore: Adobe PDF 0.9-day added to Metasploit: [msf> use exploit/windows/fileformat/adobe_media_newplayer.rb] (via jduck/pusscat ... 1:00 PM Dec 15th from API
@hdmoore Awesome! Will meterpreter over passivex be re-enabled? The new pivoting/multitasking + passivex would be killer! 8:59 AM Dec 14th from Tweetie in reply to hdmoore
I figure someone at Palo Alto Networks or McAfee (Enterprise Firewall) would want L7FW.com at least. 10:20 AM Dec 12th from Tweetie
Any @securitytwits interested in the domain name L7FW.com? 10:18 AM Dec 12th from Tweetie
@theharmonyguy Not vuln to sniffing by itself, but check out Moxie Marlinspike's sslsniff and sslstrip: http://j.mp/5PFARq 6:23 AM Dec 10th from Tweetie in reply to theharmonyguy
@theharmonyguy The requested domain name leaks through Server Name Indication (SNI) and in the CN or SubAltName part of the server cert 6:19 AM Dec 10th from Tweetie in reply to theharmonyguy
@theharmonyguy They don't see the URI just by sniffing. It is in the TLS session, and why name-based virtual hosts and TLS don't mix well. 6:10 AM Dec 10th from Tweetie in reply to theharmonyguy
RT @HenkvanRoest: Google CEO says privacy doesn't matter. Google blacklists CNet for violating CEO's privacy. Retweet of @Rhalbheer http ... 5:58 AM Dec 10th from API
@Beaker I really enjoyed your presentation! Trying to read the slides was a little frustrating though; are they available anywhere else? 8:43 PM Dec 7th from Tweetie in reply to Beaker
@redpig I didn't much mention of SELinux, was that considered? Very interested in the comparison vs. grsecurity, Tomoyo, etc. 9:14 AM Dec 7th from Tweetie in reply to redpig
@redpig I hope to get time to play with it more soon. I like the practical approach you're taking rather than trying to reinvent security. 9:00 AM Dec 7th from Tweetie in reply to redpig
Standards? Where we're going we don't need standards. 7:03 PM Dec 6th from Tweetie
@greensql From the docs it sounds like IPS mode checks suspicious first then whitelist? Seems like perf. would be better the opposite? 7:39 PM Dec 3rd from Tweetie
Also, SSL VPN (Cisco AnyConnect, OpenVPN) != browser-based VPN (Cisco WebVPN, OpenVPN ALS) 11:39 AM Dec 1st from Tweetie
Talk amongst yourselves. I'll give you a topic. Clientless VPNs are neither clientless nor VPNs. Discuss. 11:28 AM Dec 1st from Tweetie
RT @hdmoore: Rapid7 released NeXpose Community Edition (free): http://bit.ly/8d3vMe Metasploit Integration: http://bit.ly/75xibt 9:52 AM Dec 1st from API

more

Name Christopher Byrd
Location St. Louis, MO
Web http://riosec.com
Bio InfoSec manager, engineer – [program, compliance] management, intrusion [detection, prevention, response], [network, host] security, geek, father

RSS feed of cbyrd01's tweets RSS feed of cbyrd01's favorites