Risky Business #254 -- Does your pentester team know what it's doing?

A new take on quality control for penetration testers...
14 Sep 2012 » Risky Business

This week's feature interview is with Wayne Ronaldson. Wayne's a security consultant with a company here called CQR, but he's cobbled together a fascinating little side project called Exploitable Labs.

In essence, Exploitable Labs is an online capture the flag environment. Participants connect to it, then go about finding various types of vulnerabilities -- in Web applications, servers and network devices. At the end of the exercise, the system spits out a report that can tell the participant where they're hot and where they're not.

Wayne designed the service to be used by people who hire penetration testers -- it's not a certification like CREST, it's an evaluation. It's an interesting idea!

Adam Boileau, as always, joins the show for a chat about the news headlines.

Show notes

Pirate Bay Co-Founder Arrested at Airport on Hacking Charges | Threat Level | Wired.com

Apple Device IDs Leaked by Anonymous Traced to App Developer Blue Toad | Threat Level | Wired.com

Sleuths Trace New Zero-Day Attacks to Hackers Who Hit Google | Threat Level | Wired.com

Report: Half of Android devices have unpatched holes | Security & Privacy - CNET News

Microsoft finds malware hidden in new computers in China | Security & Privacy - CNET News

Phony Al-Jazeera text messages sent by pro-Syrian gov't hackers | Security & Privacy - CNET News

Microsoft axes many of its Forefront enterprise security products | ZDNet

Careful Who You Friend: Taliban Posing as 'Attractive Women' Online | Danger Room | Wired.com

Microsoft Carries out Nitol Botnet Takedown | threatpost

Apple Fixes Huge Number of Flaws With iTunes 10.7 | threatpost

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions | threatpost

Go Daddy CEO Denies Hackers Behind Major Outage | threatpost

Etsy handcrafts rewards for security bug hunters | ZDNet

Google Adds Online Malware Scanner VirusTotal To Security Lineup | threatpost

Red Hat Security Advisory 2012-1259-01 ≈ Packet Storm

No Right Turn: Hacking the Budget

BitFloor breached, hacker makes off with $250,000 in BitCoins - TechSpot News

ssl - CRIME - How to beat the BEAST successor? - IT Security

Exploitable Labs


My interview with Gotye:


The hackers are having their way right now. I guess that is going to be pretty right? - Roger Stanton St. Mary's College


Now I am able to take the next phase in my profession and after working security for quite a few years, I would love to improve upon my current knowledge and gain a few new ones.
Where's the best place to get started, I wonder?