resources

 

Giving back to the security community is not only a founding principle at Stach & Liu but also a distinguishing feature of our practice. We are one of the few professional services firms that actively conduct cutting-edge research, and we leverage our extensive relationships within the security community to give us unique access to the latest threats, tools, and techniques. This in turn allows us to provide our clients with true insight into emerging risks, so that they are able to make the most informed decision to protect their corporate data and infrastructure.

Recognized as experts in the industry, Stach & Liu professionals present at the top security conferences, author leading security books, and contribute to popular open-source security tools. It gives us great pleasure to share our knowledge with other professionals, and we are happy to give back to the community that has given us so much.

 

Publications

 
Books

Hacking Exposed Web Applications 3rd Edition

October 15, 2010

Publisher: McGraw-Hill Osborne Media; 3 edition
Published: October 15, 2010
ISBN-10: 0071740643
ISBN-13: 978-0071740647

 
 
Articles

Penetration Testing: The White Hat Hacker

August 1, 2007

Vincent Liu authors Penetration Testing: The White Hat Hacker in the July 2007 issue of the ISSA Journal.

 
 
Conference Slides

Black Hat 2010 and DEF CON 18 Slides

August 2, 2010

The Lord of the Bing slides presented at Black Hat 2010 can be downloaded here, and the DEF CON 18 slides can be downloaded here.

 
 
Whitepapers

The Challenges of Automated Application Assessments in a Web 2.0 World

December 12, 2009

Rob Ragan and Vincent Liu author The Challenges of Automated Application Assessments in a Web 2.0 World, which discusses the difficulties of properly auditing modern Web 2.0 applications.

 


Tools


Google Hacking Diggity
The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. The project page contains downloads and links to our latest Google Hacking research and free security tools. Defensive strategies are also introduced, including innovative solutions that use Google Alerts to monitor your network and systems.

Google Hacking Diggity
The SharePoint Hacking Diggity Project is a research and development initiative dedicated to investigating the latest tools and techniques in hacking Microsoft SharePoint technologies. The project page contains downloads and links to our latest SharePoint Hacking research and free security tools. Assessment strategies are designed to help SharePoint administrators and security professionals identify common insecure configurations and exposures introduced by vulnerable SharePoint deployments.

Other Tools

Firecat is a penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network.  After a tunnel is established, you can connect from an external host to any port on any system inside the compromised network, even if the network is behind a NAT gateway and/or strict firewall.

MD4/MD5 Collision
Create MD4 and MD5 hash collisions using groundbreaking new code that improves upon the techniques originally developed by Xiaoyun Wang.  Using a 1.6 GHz Pentium 4, MD5 collisions can be generated in an average of 45 minutes, and MD4 collisions can be generated in an average of 5 seconds.


 

Advisories


December 8, 2005
PGP Desktop Wipe Free Space Flaw
PGP Desktop includes a Wipe Free Space utility that claims to eliminate data in all the free space on your hard drive, including the little areas after the end of existing files which may still have old data left behind. In short, the utility claims to wipe file slack space, the unused space in a disk cluster. The software does not work as advertised. It does not clean slack space.


Webinars

 
March 5, 2010
Harness the Power of Agile
Brenda Larcom (and 7 other IT experts) shares her thoughts around security, the promise of agile, key trends, and best practices. Watch this webinar and hear how these organizations have harnessed the power of Agile.


 
 
 

      Copyright © 2012 Stach & Liu LLC