This presentation, DEFEATING THE NETWORK SECURITY INFRASTRUCTURE.pdf, was made after some brainstorming with some friends.  The purpose of the discussion is to debate how internal enterprise resources might be (in)adversely exposed to the internet by an insider, using common protocols, tools and techniques such as SSH, HTTP(s) and proxying.

  Something I wrote a while ago about spoofing, transparent proxying and wireless networking. Use with care and only for educational purposes. The paper is called Trick the wireless user.

  I recently had the opportunity to speak at an ISSA event in Belgium about Web Application Firewall technology, also known as WAF. The presentation can be downloaded here or at the ISSA Belgium website.

  I had the pleasure to talk at the Belgium OWASP chapter. Here is a copy of the introduction presentation on WEBGOAT and the PANTERA Web Assessment Studio Project.

It’s been a while ago, but I found the courage to write a new paper. I changed focus a little bit and started exploring web services and related stuff. Here is a very practical tutorial using OWASP’s WebGoat and SOAPUI.

This is a link to the presentation on WebScarab, held at the Belgium Local OWASP chapter.

A tutorial on Metasploit.

  A tutorial on scanning a VPN implementation using ikescan.

  You can find a tutorial on sbd (Shadowinteger's Backdoor tutorial).

  You can find a tutorial on how to setup smartcard based authentication on NOKIA IPSO appliances.

  A practical tutorial on how to setup and test a small IPv6 network.

  A new explaining on how to scan for vulnerabilities on SSL based services.

  A tutorial showing OpenSSL in an CA environment and other HTTP/SSL related stuff. You can download part1 and part2 here.

  A new tutorial showing how to hide netcat on NTFS file systems using ADS. Download the paper here.

  This is a tutorial on hping (version 2), describing basic and advanced techniques that can be of great benefit in PEN tests and other security related work. Download the tutorial here.