Mayhem Case Studies

Shortly after OpenSSL’s Heartbleed, Shellshock was discovered lurking in two-decades old Bash code. How could open source software be vulnerable for so long? This episode looks at how open source projects have for the most part gone untested over time.

In part three of the series, I will discuss the role of test and evaluation in your organization.

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationary and bust out the ice cream because we’re writing a series of break up letters.

Vulnerabilities can be inherited through your software supply chain, and it’s more common than we may like to admit.

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationary and bust out the ice cream because we’re writing a series of break up letters.

What is the allure of lockpicking at hacker conferences? In this episode Deviant Ollam explains why these mechanical puzzles remain popular with hackers. Ollam, who was an early member of Toool, The Open Organization of Lockpickers, discusses his career as a physical pen tester and also provides some basic lockpicking tips.

Part one of a three-part series. Applications contain hundreds of code components. Applications are constructed similarly to automobiles: parts are sourced from multiple vendors to produce software that is then used by the consumer.

Valentine’s Day has unfortunately come to a close. What follows love? Heartbreak. That’s right, it's time to dust off your best stationary and bust out the ice cream because we’re writing a series of break up letters.

Some may remember NCSA HTTPd, a predecessor to Apache. However, what they might not know (but won't be surprised by!) is that it had plenty of bugs. Let's dive in and reproduce a classic command injection with fuzzing!