by Brad Dixon | Aug 9, 2019 | Disclosures, News
If you missed Brad’s talk, sign up for his Webinar. You might not know it but right now thousands of athletes are training and competing in virtual worlds. I’m not talking about League of Legends or Fortnite. Those games aren’t the only eSports in...
by Brad Dixon | Apr 7, 2018 | Techniques, Tools
We perform application-level security assessments of APIs quite frequently. About a year ago I was working on a project with a large REST API. Roughly 1,300 routes implemented across dozens of micro-services with a very complex role based authorization framework....
by Brad Dixon | Apr 3, 2018 | IOT, Threat Modelling
I spent time in January improving my understanding of Global Navigation Satellite System (GNSS) technology and working on lab techniques to test GNSS dependency during security assessments. GNSS is a broader term referring to all satellite positioning systems such as...
by Brad Dixon | Oct 24, 2017 | Android, Mobile, Techniques, Tools
Performing security assessments of complex systems sometimes requires some technical gymnastics to “man-in-the-middle” (MITM) communications between components. MITM techniques are essential for observing and manipulating communications in ways that a...
by Brad Dixon | Sep 20, 2017 | IOT, Techniques
A very typical security assessment and penetration test for Carve involves a device, multiple RF communications interfaces (cellular, WiFi, Bluetooth, ZigBee, some mutant 802.15.4 based stack, etc.) and one or more back-end services. Getting access to all of these...
