Monday, December 7, 2009

DojoSec Sessions Ep. 1 - Jeremy Brown - From Static Analysis to 0day Exploit

At DojoSec the mission is to spread security knowledge in all forms of delivery. Our newest effort is called DojoSec Sessions which will feature screen captures and presentations from top-notch security professionals. DojoSec presents Jeremy Brown with an excellent presentation on Finding Vulnerabilities with Static Analysis. Thanks Jeremy for your contribution!

Monday, November 30, 2009

Mobile Communications Security Symposium

REGISTER ASAP - The Capitol College Innovation and Leadership Institute will host the Mobile Communications Security Symposium on December 4, 2009 from 8 a.m. to 12 p.m., on campus, in the Avrum Gudelsky Memorial Auditorium. There is no cost to attend this event. To learn more about the program and the speakers, please visit

To register for the symposium:

Send an email to
Subject: Register, Mobile Comm. Security Symposium


Wednesday, November 25, 2009

Marcus' Mailbag: Policy, Enforcement, and Monitoring

I received the following email on Commercial vs. Open Source, Policy, Enforcement, and Security Monitoring. I'm posting this email in order to share some of the views. It could be perceived as a bit of a rant, but I'm posting it below because it could spark some thought and conversation. Let me know what you think. If you have a problem with the grammar, please rely on context clues. _MJC_ :)

=-=-=-=- BEGIN E-MAIL -=-=-=-=

In the Network security field there are vendors that sell products. They claim the products will catch the bad guys, disassemble malware and save the world. All we need to do is buy their products.

Then there are those Open Source vendors that sell support for some open source tool like Clam AV or Snort; all we need to do is use it right and we are safe, and they sell themselves as consultants. This model for doing business is not new. In the Financial services industry you have those who claim to be financial planners, and when you go and see them they do a budget workup with you and then sell you commission based products like life or medical insurance. Then you have those who claim to be fee based financial planners (much like the open source pimps) and sell you things like Term insurance or no load mutual funds; you supposedly pay for their expertise.

The problem with these approaches is they are PRODUCT based. The real solution is a mindset and action to get the desired results, not some product, Open Source or otherwise.

Network Security is not brain surgery. You need policy, enforcement and monitoring. If those 3 are not done then things break down.

Policy that is not enforced is useless; it's just as bad as if there was no policy at all. In fact if you have a policy you are lured into a sense of false security. If there is no Policy users know they are left to fend for themselves. At [ XYZ ] we don't have a problem in areas like Europe where privacy laws demand that users not be monitored or punished for breaking policy. It's the areas where we have the strictest policies that we have problems.

Enforcement - If policies are not enforced then they are useless. Same with dealing with problem areas of the network. If management turns a blind eye towards tunneling, insists on using systems that are not locked down, gives most users admin rights, walks on eggshells and does not go after employees equally for violations, you will never secure the network.

Monitoring - I know a few companies we work with where problems arise and you find out that they have a special internet connection that is not being monitored. They have this special RESEARCH network they can surf porn on. They tether their laptops with their Blackberries or use a SSL tunnel to do whatever they want on the network. Especially in the technical companies, the very ones that should be examples and protecting their networks are doing these things. I have seen individuals have their IP addresses Whitelisted so they could watch movies all day claiming they are doing company business, and then we all wonder how malware got on the network.

Products do not protect or defend the real network. They point out the obvious, and until someone pokes their finger at the sore and lets the world know they need to change, network security is a charade. Even DojoSec with its open source pimps is not making things better unless it goes after the above mentioned issues.

That's my 2 cents...

=-=-=-=- END E-MAIL -=-=-=-=

Tuesday, November 24, 2009

Virtualization is Great for Forensics

The rumblings suggesting that "The Cloud" and Virtualization are an enormous hindrance to digital investigations are exaggerated. These claims sound like scare tactics to me; I think virtualization makes incident response to computer crime much more efficient. The goal of incident response is to preserve as much information as possible. Software such as Live View from CERT is great because it allows investigators to boot disk images.

Virtualization is cutting out the middle man here; as an investigator I'd rather have a virtual machine instead of a disk image. Virtual machine copies provided by service providers give a "self contained crime scene", since the virtual machine is frozen in time, including the memory. At DojoCon 2009, Richard Bejtlich shared a story where investigators responded to an incident working with a Cloud Provider and were greeted with a shrink wrapped crime scene.

Anyone who has ever used a product such as VMware may have copied and moved images; this is a good thing. It seems that when some are dedicated to screaming about problems, they may be ignoring a great solution staring them right in the face.


Monday, November 23, 2009

Google Hacking Renders Redaction Futile

Lately, I've been looking at tons of SQL injections and SWF login blog posts and screen captures. I notice most hackers attempt to redact the compromised URLs. However, in most cases there is enough information from the screen captures to find the sites.

The attempt to redact the information is an attempt to protect the innocent. The latest instance of this was a blog post on a Symantec SQL Injection that yielded tons of information including serials and passwords. The image below is a screen capture posted within the blog post.

Next, I visit Google and type: intitle:Teacher Sima

This is just basic Google Hacking here, nothing advanced. This is something I've been instinctively doing when I see something like this.

So the question is "Why redact?"


Thursday, October 29, 2009

Metasponse Talk at Techno Forensics

My friend Joshua Marpet recorded video of me doing my Metasponse talk at the Techno Forensics Conference at NIST on his iPhone. He'll be sending me the complete video so I can post it as one. Although I could take my own video equipment everywhere with me, it sometimes feels staged. This is as real as it gets. Thanks Joshua!!

Marcus J. Carey - Metasponse Talk @ Techno Forensics Conference from Marcus J. Carey on Vimeo.

Wednesday, October 14, 2009

Cloud Computing and Sunburn

Can you get sunburn if it’s cloudy outside? The answer is yes, because the clouds don’t block the dangerous rays that burn and cause cancer. Many people believe that the clouds give their skin protection against the sun. This is a big mistake that I’ve found out first hand many times recently. So I tend to put on sun block before I go outside for long days. Our skin is a major asset because it is the first line of defense against infection. We are personally responsible for protecting our asset by applying sun block when needed.

In the information technology industry, Cloud Computing has reminded me of the false sense of security that real clouds have given us. Recently the T-Mobile/Microsoft Sidekick data loss debacle has put into question the reliability of Cloud Computing and Cloud Storage. It is important to remember, when we outsource services and infrastructure to the Cloud, we don’t outsource responsibility.

The T-Mobile Sidekick issue affected many consumers. Just imagine if this was a billion dollar sales organization which lost its sales leads: bad news. Several Google Apps services have been disrupted lately; thank goodness there has been no data loss associated with those outages. If Google were to lose my critical data, whose fault would it be for having no back-ups? The old saying goes, “When you point your finger at someone, there are three fingers pointing back at you.”

I believe that Cloud solution providers will do their best job (hopefully) to maintain confidentiality, integrity, and availability of their client's data. When it comes down to it, each organization still must accept responsibility and accountability for their critical assets. If you moved to the Cloud, your business continuity and disaster recovery plans should reflect the worst case scenario.

This means you should have some sort of limited backups that your organization controls. At least perform an assessment of what the minimum requirements are, and then make plans accordingly. I’m not telling you anything new here; it takes a bit of effort. Who are we kidding? Hard drives fail, tape backups didn’t back up anything, back-ups fall off trucks, the dog ate my homework, etc…

No one, not even the Cloud, is going to do your pushups for you. Cloud Computing won’t keep your organization from getting burned.

Sunday, October 4, 2009

Malwarebytes - An Effective Malware Removal Tool

If you are having a tough time removing malware from your PC, you might want to check out Malwarebytes Anti-Malware software. Thankfully, you can download a free version which is very effective at removing malware from your Microsoft Windows based system.

Malwarebytes is so effective that it is one of the preferred tools used for malware removal within the U.S. Government. It produces equal or better results than many other commercial tools on the market. It's very simple to use, and the scanning process is relatively fast in comparison to other malware removal tools.

Monday, September 28, 2009

DojoSec Monthly Briefings - October 1, 2009

Brian Baskin and I are doing somewhat controversial talks at the Techno Forensics conference. We'd like to deliver these talks at DojoSec Monthly Briefings first, followed by an open discussion on both of our talks. See you there.

CASUAL CYBER CRIME: The Fine Line Between Social and Criminal Use
by Brian Baskin

We're living in an age of devices and applications that push the boundaries of dreams, an age of instant gratification, but also the age of Digital Rights Management and Copyright laws. With questionably illegal modifications becoming simple enough for children to use, where does the line get drawn between squeezing more functionality out of your digital devices and software and breaking felony laws? In this talk attendees will explore the justifications and rationales behind the use of questionable hardware and software modifications and understand the mentality behind why their use is rapidly catching on in the general population.

METASPONSE: Incident Response with Metasploit
by Marcus J. Carey - Director of Innovation, Saecur

The Metasploit Project has drawn the ire of many security professionals. The project maintains that it exists to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. While many may argue the merits of Metasploit, the fact remains it is one of the best free and open source security related projects on the planet. Instead of fighting these types of projects we can embrace what works for security professionals. In this talk I will show security professionals how to harness the power of Metasploit for incident response.

Tuesday, September 22, 2009

DojoSec TV - Web Application Security with Matt Fisher

In this episode of DojoSec TV, Joe McCray interviews Matt Fisher of Piscis Security. Matt is a pioneer in the web application security arena. This interview has a great conversation on the topic. Matt will deliver a talk at DojoCon.

Wednesday, September 16, 2009

DojoSec TV - What the FISMA?

In this episode of DojoSec TV, Joe McCray interviews Chris Burton about security compliance. Security compliance and FISMA are a foreign language to many. I hope this interview can serve as a quick introduction to FISMA. Chris will be on the State of Security Compliance panel at DojoCon.


Tuesday, September 15, 2009

Matt Fisher at DojoSec

Matt Fisher of Piscis Security delivered a great talk at DojoSec. Matt is known as a pioneer in the Web Application Security arena. He really dropped some knowledge in this talk. The good news is that Matt will be back in the "Dojo" sharing his knowledge at DojoCon. Hope you enjoy this content.

Friday, September 11, 2009

DojoCon 2009 Interview with Con-Techie

Con-Techie, the open source tech conference directory, interviewed me about DojoCon 2009. In the article I talk about the birth of DojoSec, DojoCon, and my relationship with Johnny Long of Hackers for Charity.

Let me know what you think.

Thursday, September 10, 2009

DojoCon November 6th & 7th

I'm pleased to announce that DojoSec is presenting a two-day conference DojoCon on November 6th & 7th. The list of speakers is already impressive and we will be stuffing more content into this two-day event as we go.

For every registrant to DojoCon, I will donate $50 to Hackers for Charity. Please show your support for DojoSec and Hackers for Charity by registering for the conference today.

Tuesday, September 1, 2009

September DojoSec Canceled


I apologize for the late notice, but I was holding out for a confirmation that fell through. Logistically it's not always easy to pull off DojoSec Monthly Briefings. Throughout the summer months it has been harder. Despite setbacks, the future is looking bright for DojoSec.

Next month will mark the one year anniversary of DojoSec Monthly Briefings. We will have two DojoSec events in October. The monthly DojoSec will take place on October 1st. We will also have a DojoSec Track at the Techno Forensics Conference on October 27th.


Marcus J. Carey

Wednesday, August 5, 2009

Techno Forensics and Digital Investigations Conference Offer

The management team of TheTrainingCo., producers of the annual Techno Forensics Conference & Digital Investigations Conference at NIST Headquarters in Gaithersburg, MD, has made all DojoSec attendees a special offer for this year's Conference being held on October 26 - 28, 2009.

They have offered us some FREE seats for the entire 3 day conference. This conference will also serve as our official DojoSec Monthly Briefing for October. There will also be a DojoSec half-day track which I will host.

This will be the fifth year for Techno Forensics & Digital Investigations, and many of their Techno Security attendees and speakers attend both conferences every year. These are some of the top practitioners in the world in the fields of eDiscovery, Digital Forensics and Information Security. There were over 1,100 people registered for this conference last year and it has become a very popular event.

The current full price registration is $1095. In order to take advantage of this offer, register using the website address below and select that price, but enter "0" for amount paid and enter "DojoSec" in the Promotional Code section of the form. For any attendees who hold a CISSP, CISA or CISM certification, this conference also provides 20 CEU hours.

Here's more information about the conference:

To register for one of the FREE VIP seats, visit the following online registration page and follow the instructions provided above

If you are planning to attend, please register for the event by August 15th. I hope to see you all there.


Monday, August 3, 2009

DojoSec August 6, 2009 Speakers

Apple's File Vault - How Secure is it?
Location: Capitol College, Avrum Gudelsky Memorial Auditorium
Time: 6-10pm
Admission: $1


Apple's File Vault - How Secure is it?

Sean Morrissey
Computer Forensics Senior Professional

This topic will cover new discoveries in Apple's File Vault technology. Sean Morrissey is a Computer Forensic Senior Professional for CSC. Sean's background is in law enforcement and the U.S. Army. Sean's focus has been on forensics of Apple's iPhone and Mac operating systems. He is presently an instructor in Computer Forensics at the Defense Cybercrime Center (DC3). Sean contributed as lead author to Syngress's "Mac OS X, iPod, and iPhone Forensic Analysis" book.

The First 120

Mr. Dale Beauchamp
Branch Chief Digital Forensics
Transportation Security Administration (TSA)

“The First 120” refers to the use of live forensics during an incident response to investigate any given incident from report to containment in 2 hours or less. Similar to solving murder cases in the first 48 hours, it is crucial to investigate incidents to closure quickly and completely. This technique answers both the pressure from management and the need to accurately eject attackers from the enterprise. Use of this rapid response technique has proven an effective method of limiting the time attackers have to dig in and change their tactics to avoid detection. The tools and processes to meet this task will be discussed in detail, including a real world case example.

Dale Beauchamp currently serves as Branch Chief of Digital Forensics for the Office of Information Security for TSA. Dale previously served as Senior Forensics and Intrusions Instructor for the Defense Cyber Training Academy. As an instructor for DCITA he developed and delivered courses for federal, state and local law enforcement agencies engaged in the investigation of high technology crime and intelligence gathering. Dale has seven years of law enforcement experience as a Maryland State Trooper. As a Trooper he was assigned to the Computer Crime section, where he worked as a Computer Forensic Investigator providing detailed digital forensics analysis support to a host of criminal and administrative investigations. Additionally he has served as the Senior Forensics Analyst for the Transportation Security Administration’s Incident Response and Forensics team. While on the TSA incident response team he performed detailed forensics analysis and provided support for a variety of administrative and criminal investigations. Dale has a Bachelor of Science degree in Business Administration from the University of Baltimore.

The Big Picture: Web Risks and Assessments Beyond Scanning

Matt Fisher
Web Application Security SME / Pen-Test Lead
Piscis LLC

This talk is an unabashed look at the role and limitations of automated technologies in a complete web risk assessment by an industry pioneer and veteran. Whereas once a good web scanner could be thought of as the sum total of a strong web application security program, now it's only the beginning. We will look at a broader picture of web risks and their associated threats, and at what assessment techniques and technologies can be applied to them.

Matthew Fisher was the first Security Engineer hired by what was arguably the most successful web application scanner manufacturer in the industry and was instrumental in building the web application security industry. He recently left Hewlett-Packard (which acquired his former company in 2007) to start Piscis, a unique consulting company that 'blackboxes' the industry's best veterans to organizations that would otherwise be unable to obtain their resources. Under Piscis, Matt is currently providing services to a government security agency, and leads the Penetration Testing team while also implementing a holistic software assurance program. He has several original vulnerabilities, exploits and testing techniques to his name, and is an accomplished writer and speaker. He has presented at ShmooCon, ToorCon, Gartner, CSI, the NSA's ReBl conference, and many others. This is his 4th year presenting at the DoD Cybercrime Conference.

Sunday, July 26, 2009

Saecur DojoSec June 2009 - Eoghan Casey, cmdLabs

Eoghan Casey of cmdLabs presented a talk on Mobile Phone Forensics. This talk highlighted some new methods of extracting data which in many cases would have been considered lost. Saecur DojoSec is sponsored by Tenable Network Security, Sourcefire, and TechGuard Security.

Saecur DojoSec June 2009 - Joe Klein, Command Information

IPv6 guru Joe Klein of Command Information gives a talk on the already present dangers of IPv6. Saecur DojoSec is sponsored by Tenable Network Security, Sourcefire, and TechGuard Security.

Saecur DojoSec June 2009 - Richard Goldberg, Esq.

Programmer turned lawyer Richard Goldberg, Esq gives a great talk about the legal ramifications of doing information security work. Saecur DojoSec is sponsored by Tenable Network Security, Sourcefire, and TechGuard Security.

Saturday, July 25, 2009

Saecur DojoSec June 2009 - Alain Zidouemba, Sourcefire

Alain Zidouemba from Sourcefire VRT delivers an interesting talk on writing custom Anti-Virus signatures using ClamAV. Saecur DojoSec is sponsored by Tenable Network Security, Sourcefire, and TechGuard Security.

Sunday, July 19, 2009

Jayson E. Street Interview - Who's Hacking America?

Jayson E. Street handled this interview like a true Information Security Professional should. It reminded me of Dragnet: "Just the facts!" No exaggerations, and he ended up being correct. I've seen many people jump the gun and point fingers before all the details are known. Kudos to Jayson for keeping a level head.

Wednesday, July 15, 2009

Great Event: Communicating the Value of Security

You are invited to transform your career and learn how to communicate the value of security. Michael Santarcangelo, an innovator in the field of security, author and professional speaker (you’ve seen him speak), blends his unique and powerful experiences into an innovative seminar that rapidly transforms how participants communicate the value of security (especially to those without a technical background).

This special preview of the Security Catalyst “Communicating the Value of Security” seminar is combined with an afternoon for the family (think: pool party), a BBQ (provided courtesy of Cauldron) and then an evening of “campfire conversations” to explore whatever topics make sense to those of us there, as families.

Saturday, July 25, starting at 10AM - George Mason University, Fairfax, Virginia

To learn more and sign up now:

Tuesday, June 30, 2009

July DojoSec Canceled

The July DojoSec Monthly Briefings is canceled due to a conflict with the federal holiday observation this Friday. I hope you all enjoy your long weekend. The next DojoSec will take place on August 6, 2009. Videos from the June briefings will be released soon.

Tuesday, June 16, 2009

DojoSec Talk at SANSFire Baltimore

DojoSec: How to Build a Hyper-Local Security Community
- Marcus Carey, DojoSec
- Thursday, June 18 * 6:00 p.m. - 7:00 p.m.

Do not leave this event to go back to your normal sequestered existence; the information security industry needs you. There are people dying for you to mentor them, and the key to success in our industry is the sharing of information. After this event the attendees should go back into their local security communities and lead.

In this talk attendees will learn how Marcus started the most well attended monthly security professional meetup in the country. You will learn how that meetup has gained considerable international buzz in the information security industry. Together with the SANS Institute events, local information security professionals can keep the fire burning throughout the year by going hyper-local.

Marcus J. Carey is passionate about mentoring our current and next generation of security professionals. In Marcus' 15 year information security career, he has worked in Navy Cryptology, at NSA, at DoD Cyber Crime Center, and currently engineers solutions for a federal agency. Marcus created DojoSec to mentor and facilitate knowledge transfer amongst information security professionals. Marcus' skillset includes network exploitation, data forensics, secure network architecture, and log analysis. Marcus earned a Master of Science in Network Security from Capitol College in Laurel, Maryland. Marcus is also a contributor to the PaulDotCom Security Weekly Podcast and Blog.

Friday, May 22, 2009

Hyper-Local Security Communities

People should concentrate more on their local area and build hyper-local security communities. It's the locals that can make the biggest impact on your life. So many people are obsessed with national level attention, but if they handle their business locally their name would blow up. This may be a bit strange to some that I'd rather be known in my area than nationally. You can trace the paths to success in many professions and see the mavens were successful on a small or local level before they achieved national fame.

Wednesday, May 20, 2009

DojoSec Monthly Briefings for June 4, 2009

The speakers for DojoSec Monthly Briefings for June 4, 2009 are set. Feel free to pass this information along to a friend so they can register.

Date: June 4, 2009
Time: 6:00 - 9:30 PM
Entry Fee: $1
Location: Capitol College - Avrum Gudelsky Memorial Auditorium




Alain Zidouemba, Sourcefire -


Clam AntiVirus is an open source anti-virus toolkit for UNIX systems. The main purpose of this software lies in its integration with mail servers, enabling mail attachment scanning before the end user receives a virus. Like other anti-virus software, the ClamAV engine has pattern matching technology at its heart. Updates to the malware signatures are released on a regular basis by ClamAV researchers. When no signatures are available, however, or when updates are not coming fast enough, the only option is to create signatures yourself. Fortunately, ClamAV signatures are open, and this enables administrators to fill in the gap for themselves.
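Both this abstract and Alain's June talk concern writing custom ClamAV signatures. The block below is an added example, not material from the talk or code from the ClamAV project: it writes signature lines in ClamAV's plain-text `.hdb` (MD5 hash) and `.ndb` (body hex pattern) formats for a constructed sample, then checks them with a deliberately simplified stand-in matcher (not the ClamAV engine; only the `??` single-byte wildcard is supported). The sample bytes, malware names and marker string are all constructed for the example.

```python
"""Custom ClamAV-style signatures, as an offline worked example.

ClamAV databases are plain text, so an administrator can add a detection
before an official update arrives. This block writes lines in two of the
documented formats and checks them with a simplified matcher (exact hash,
and body hex patterns with the '??' single-byte wildcard only). The matcher
is NOT the ClamAV engine; it exists so the logic can be run here offline.
"""
import hashlib
import re

# Constructed samples for the example: a fake "dropper" carrying a
# distinctive marker string, and a clean file sharing the same header.
SAMPLE_BYTES = b"MZ" + b"\x00" * 14 + b"EVIL_DROPPER_v1\x00" + b"\x90" * 8
CLEAN_BYTES = b"MZ" + b"\x00" * 14 + b"hello world\x00"


def hdb_signature(data: bytes, name: str) -> str:
    """One .hdb line, MD5:FileSize:MalwareName (the line `sigtool --md5` prints).
    An exact-hash signature misses after any one-byte change, so it is best
    used to tag one specific known sample, not a family."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def hex_pattern(body: bytes, wildcard_positions=()) -> str:
    """Render bytes as a ClamAV hex string, replacing chosen offsets with '??'."""
    return "".join(
        "??" if i in wildcard_positions else f"{b:02x}" for i, b in enumerate(body)
    )


def ndb_signature(name: str, hex_sig: str, target_type: int = 0, offset: str = "*") -> str:
    """One .ndb line, MalwareName:TargetType:Offset:HexSignature.
    target_type 0 means any file type; offset '*' means anywhere in the file."""
    return f"{name}:{target_type}:{offset}:{hex_sig}"


def build_database() -> str:
    """A small custom database holding one signature of each style."""
    marker = b"EVIL_DROPPER_v1"
    # Wildcard the version digit so v1..v9 rebuilds of the dropper still match.
    family_sig = hex_pattern(marker, wildcard_positions={len(marker) - 1})
    return "\n".join([
        "# constructed signatures for the example; real ClamAV wants .hdb and",
        "# .ndb lines in separate files named by extension",
        hdb_signature(SAMPLE_BYTES, "Example.Dropper.Exact"),
        ndb_signature("Example.Dropper.Family", family_sig),
    ])


def _hex_to_regex(hex_sig: str) -> "re.Pattern[bytes]":
    """Translate a hex signature with '??' wildcards into a bytes regex."""
    if len(hex_sig) % 2:
        raise ValueError("hex signature needs an even number of hex digits")
    parts = []
    for i in range(0, len(hex_sig), 2):
        tok = hex_sig[i:i + 2]
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def parse_db(text: str):
    """Split database text into (hash_sigs, body_sigs); the format is inferred per line."""
    hash_sigs, body_sigs = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 3 and re.fullmatch(r"[0-9a-fA-F]{32}", fields[0]):
            hash_sigs.append((fields[0].lower(), int(fields[1]), fields[2]))
        elif len(fields) >= 4:
            name, target_type, offset, hex_sig = fields[:4]
            body_sigs.append((name, int(target_type), offset, _hex_to_regex(hex_sig)))
        else:
            raise ValueError(f"unrecognised signature line: {line!r}")
    return hash_sigs, body_sigs


def scan_bytes(data: bytes, db_text: str) -> list:
    """Return the sorted names of every signature in db_text that hits `data`."""
    hash_sigs, body_sigs = parse_db(db_text)
    digest = hashlib.md5(data).hexdigest()
    hits = {name for md5, size, name in hash_sigs if md5 == digest and size == len(data)}
    for name, _target_type, offset, rx in body_sigs:
        # '*' searches the whole file; a numeric offset anchors the match there.
        found = rx.search(data) if offset == "*" else rx.match(data, int(offset))
        if found:
            hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    db = build_database()
    print(db)
    variant = SAMPLE_BYTES.replace(b"v1", b"v7")  # rebuilt dropper: hash changes, marker mostly intact
    for label, blob in [("sample", SAMPLE_BYTES), ("v7 variant", variant), ("clean", CLEAN_BYTES)]:
        print(f"{label:>10}: {scan_bytes(blob, db)}")
```

To use such lines with a real ClamAV install, save the `.hdb` and `.ndb` lines in separate files named by extension and load them alongside the official databases with `clamscan -d`.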


Alain Zidouemba was born in Ouagadougou, Burkina Faso. He studied Mathématiques Supérieures and Mathématiques Spéciales at the Lycée Jacques Amyot in France and Electrical and Computer Engineering at Howard University in the US. He worked in the area of network modelling and simulation at OPNET Technologies before taking a position at PestPatrol as a Spyware Researcher. He later joined Computer Associates to work on intrusion prevention and behavioral malware analysis. Alain recently became part of the Vulnerability Research Team (VRT) at Sourcefire and performs research in the areas of intrusion prevention and anti-malware.



Richard Goldberg, Esq. -


In your service and employment contracts, there are certain things you should never agree to, and there are certain protections you always need. Otherwise you're essentially betting your future, and the future of your company, on the hope that nothing will go wrong. Ever.

This talk will tell you how to keep yourself out of trouble. Topics will include dealing with "standard" contracts and "standard" provisions; what it means to "indemnify" someone else; how to protect your intellectual property and confidential information; and other dangers, including warranties and audit-rights provisions. It will also cover some negotiation strategies.


Richard is a Java architect turned lawyer. Having worked in software beginning in the mid-90s with commercial customers and federal/DOD contractors and agencies, Richard has represented small information security companies and some of the largest names in Open Source.



Eoghan Casey, cmdLabs


Acquiring and analyzing physical memory is one the more challenging aspects of mobile device forensics, but can also be one of the most rewarding. Delving into deleted data on a mobile device can uncover valuable information, particularly when an individual took steps to conceal his activities.

This seminar covers various techniques and tools for dumping and analyzing physical memory from mobile devices, including Flasher boxes. In addition, we will provide examples of items recovered from physical memory that are not accessible using most forensic tools.

As we become more adept at obtaining deleted data from physical memory, some manufacturers are taking steps to enhance the security of their devices. We will discuss potential approaches to circumventing these security measures, with the hope that we can continue to improve our abilities to recover useful information from mobile devices.


Eoghan Casey is founding partner of cmdLabs, author of the foundational book Digital Evidence and Computer Crime, and coauthor of Malware Forensics. For over a decade, he has dedicated himself to advancing the practice of incident handling and digital forensics. He helps client organizations handle security breaches and analyzes digital evidence in a wide range of investigations, including network intrusions with international scope. He has testified in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.

Eoghan has performed thousands of forensic acquisitions and examinations, including e-mail and file servers, mobile devices, backup tapes, database systems, and network logs. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. In addition, he conducts research and teaches graduate students at Johns Hopkins University Information Security Institute, is editor of the Handbook of Digital Forensics and Investigation, and is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.

Thursday, April 30, 2009

What Tool Should Everyone Know?

I'm always asked "What tool should I learn?". Wireshark is the most flexible tool across the board, no matter what your information technology discipline is. Download Wireshark. For those who don't know, Wireshark is a FOSS network protocol analyzer. I love me some Wireshark! If you aren't experienced with it you need to download it now and play. Any questions? Please leave comments. Happy Packet Sniffing :)

Wednesday, April 29, 2009

Hack Your Degree: Secrets of Test Taking

In this video I talk about the secrets of test taking and how I did four years of college credits in 12 months (AKA Hacked my Degree). I received my Regionally Accredited Bachelor's degree from Excelsior College. I followed that up with a Master of Science from Capitol College. Click links for more on CLEP or DSST tests for college credits.

Tuesday, April 28, 2009

DojoSec Monthly Briefings' Talks - May 7, 2009

Location: Capitol College - Laurel, Maryland
Time: 6:00 - 9:30 PM

Please register by clicking the registration tab.

Title: Void Your Warranty

Speaker: Sean Wilkerson, Co-Founder Aplura


Typical enterprise network security architecture includes many solutions (software and hardware) designed to do things such as enhance visibility/detection of threats or stop unwanted traffic. Billions of dollars are spent each year on security products which keep color graphs on our executives' desks, security managers at relative peace, and the vendors in business, but what are these products missing?

The average IT Security administrator is slowly losing control of their network with each appliance or turn-key solution they install. We will discuss how to get back this control, hold your vendors and staff accountable, and why this is critical.

This won't be nearly as dramatic as a Fox exclusive, "When Security Products go Bad"; however, we will discuss the larger problem and what you can (and should) do to inspect, audit, and enhance your security.

Speaker Bio:

Sean is co-founder, partner, and consultant for Aplura, a DC-area security consulting company. Sean has spent the last decade managing IT and Information Security systems. For the last half of that time, Sean has traveled to several continents for many entities, with a typical objective to enhance network visibility and reduce analyst reaction time.


Title: FISMA: It doesn't bite

Speaker: Dan Philpott, Founder


In this seminar Dan Philpott will discuss the Federal Information Security Management Act (FISMA) and the compliance regime created for it. Starting with a high-level overview of FISMA, the problems and possibilities, fallacies and future of the FISMA framework will be explored. The goal of this talk is to present the FISMA framework as it is intended: not as a mindless exercise in paper compliance, but as guidance and a method to achieve functional security scoped to the risk of operation.

Speaker Bio:

Daniel Philpott is an Information Security Consultant with OnPoint Consulting where he specializes in FISMA compliance. Daniel is founder of the wiki, a guest blogger at and a FISMA instructor with Potomac Forum.


Title: Shining Flashlights in Dark Corners: The evolving role of information security on campus

Speaker: Eric Weakland, Director of Network Security, American University

Eric Weakland will trace his rise through the ranks of an emerging security organization, starting out in the late 1990s and continuing on into the increasingly regulated and formal security environment of the last few years. As concrete examples, Weakland will describe how the AU security team has approached more recent challenges such as encryption and web application security on campus. This interactive talk will include technical lessons learned from over a decade of practice with increasingly sophisticated tools, as well as valuable management lessons on how to best serve multiple, competing constituencies, in a chaotic campus IT environment.

Speaker Bio:

Eric Weakland is the Director of Network Security at American University in Washington DC. Eric has extensive experience in planning strategic initiatives to serve emergent information security needs in the Higher Education market. He holds a Bachelor's degree from Carnegie Mellon University and a Master of Science in Information Technology Management from American University's Kogod School of Business.

Own Your Technical Interview

I mentor tons of colleagues, friends, and former students. A major concern of all of them is the technical interview. Here's a quick summary of my tips, which have proven to be effective:

1) Don't Lie (Don't be afraid to say I don't know.)
2) Establish Home Field Advantage (Know your resume inside-out.)
3) Practice (Learn applicable stuff for interview if you have to.)

I hope this is helpful. -MJC

P.S. I know "Most biggest" is bad grammar. That's my inner Texan coming out :)

Monday, April 27, 2009

Toot Your Own Horn!

Instead of parroting what others are saying, why not toot your own horn? There are so many talented people in our field, but only a few voices are heard. We need to change this. Now!

Sunday, April 26, 2009

Sexism in Information Security?

Is there sexism in Information Security? I asked myself this question because I caught myself referring to information security professionals as "guys". There are brilliant women in our industry, but there need to be many more. Why aren't there more women in our field? Leave a comment or hit me on Twitter @marcusjcarey.

Saturday, April 25, 2009

That Security Show - Johnny Long Interview

This is more footage from the last That Security Show. In this video Joe McCray of Learn Security Online interviews Johnny Long of Hackers for Charity. Hope you enjoy.

Thursday, April 23, 2009

Secret To Success: Give The People What They Want

In this post, I tell you Zig Ziglar's secret to success. This always works no matter what business you're in. Hope it helps :) -MJC

Sourcefire Seminar with Martin Roesch

Attend a Sourcefire Seminar and Meet Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort®

TOPIC: Your Network Security Isn't Good Enough Anymore. Today's threats, and networks, are dynamic. Unfortunately, most security offered to date has been static, leaving you blind to the network.

In this seminar, Martin Roesch, Founder and CTO of Sourcefire® and Creator of Snort®, will clearly show why today's network security isn't getting the job done. He will point out why network security must be intelligent to be effective, providing full network visibility, relevant context, and automated impact assessment and IPS tuning. Mr. Roesch will also show why network security must adapt to dynamic networks and threats in real time. Finally, he will share some of his vision on where network security is heading in the future.

Your network security solution may be new, but chances are it is based on outdated assumptions. How can you truly protect your network if you can’t see what is running on it, don’t know what to protect, and can’t identify the threats facing you?

Don’t you owe it to yourself and your organization to attend this seminar and then audit your network security capabilities?

Come see Martin on May 7th in McLean, VA. Register at:

Tenable Network Security releases Nessus 4.0.0

Tenable Network Security is pleased to announce the release of Nessus 4.0.0.

Nessus 4 features major performance improvements, greater scalability and reduced memory usage.

You can download Nessus 4 at

Sourcefire Sponsors DojoSec

We are proud to announce that Sourcefire is sponsoring DojoSec Monthly Briefings.

Sourcefire is the world leader in real-time adaptive network security, giving organizations maximum knowledge to protect against attacks. The company was founded in January 2001 by Martin Roesch, author of open source Snort®, the world's most downloaded intrusion detection and prevention technology with over 3.7 million downloads to date. In response to increased demand for a commercial version of the popular software, the company developed the Sourcefire 3D® System (Discover, Determine, Defend), a systematic network defense system built on Snort and designed to adapt to dynamic networks and threats in real time. With 6 patents awarded and 37 patents pending, Sourcefire has a strong commitment to innovation and continues to break new ground.

Know-It-All vs. Know-A-Lot

It's cool to know a lot of information in your career field. Something I learned a while ago was that no one likes a know-it-all. To be an effective information security professional, you can't be a know-it-all.

Wednesday, April 22, 2009

That Security Show - News Segment - Concept Rough Cut

DISCLAIMER: I know the audio and editing may be poor on the show segment, I'm looking for feedback on the concept only. If you can get past the roughness the content is good.

In this post I show rough footage of "That Security Show's News" segment. Even though the audio quality is poor, I'm looking for feedback on the concept. Comment here or drop me a reply on @marcusjcarey.

Shout out to Dr. Infosec, @drinfosec, for selecting the news topics. Thanks to all of the participants in this segment. Thanks for telling me to go forward with the release of this footage. I look forward to crushing this segment at the next taping.

Tuesday, April 21, 2009

That Security Show - Sampler

The studio session went well, but we need to tighten up a couple of things. Here are a couple of sessions that will be a part of the "That Security Show" formula. We will have quality sit-down interviews from industry leaders. We also will talk to security professionals from across the world over the Internet. Hope you enjoy the segments. -MJC

Monday, April 20, 2009

Heard It Through The Grapevine

In this post I talk about the Marvin Gaye song "Heard It Through The Grapevine". In the song Marvin sings, "Believe half of what you see and none of what you hear." This is a great security industry lesson.

No Such Thing As A Stupid User

There is no such thing as a stupid user, but there are plenty of stupid organizations.

Sunday, April 19, 2009

You Are The Security Industry!

Many complain about the security industry. If you are a security professional, check out this video post. Oh yeah, do something about the problems you see.

Saturday, April 18, 2009

That Security Show's First Taping

Hello world! Yesterday was a good day for the DojoSec movement. We had an awesome group of people in the studio for That Security Show. Check out the video blog post to find out who was in the studio with me.

Friday, April 17, 2009

Ham Security

Are you adding value to your security program? Many in our industry are doing things just because everyone is doing it. Do stuff that works.

Thursday, April 16, 2009

Selling Security

Management won't get the tool you want? You need to give them more information. In this post, I talk about a story Zig Ziglar tells about proposing to his wife. This is how you can sell security.

Wednesday, April 15, 2009

Why Be A Hacker?

Every once in a while we all come to some truths in the Security Life.

Tuesday, April 14, 2009

What Separates DojoSec?

I just love it when someone asks a question that makes me quantify what I'm doing. Thanks to Thomas Nicholson!

Monday, April 13, 2009

The Secret to Troubleshooting: Thin-slicing

This is my secret sauce to troubleshooting. In this post I discuss the concept of thin-slicing, which is articulated in Malcolm Gladwell's book Blink. Thin-slicing can help information security professionals solve problems faster. What's funny about thin-slicing is that it's something I always did without even thinking about it.

Thanks for visiting the blog and checking the video out.


Sunday, April 12, 2009

No One Will Anoint You As An Expert

It's time to step up to the plate and share your knowledge with the world.


Don't Talk About It, Be About It

This is my first attempt at a video blog entry. It's harder than it looks. I hope to keep pumping content out.


Saturday, April 11, 2009

April Videos Online

Go to the Multimedia page for all DojoSec videos.

DojoSec Monthly Briefings - April 2009 - Matthew Watchinski from Marcus Carey on Vimeo.

DojoSec at Capitol College

This month's DojoSec Monthly Briefings were held at Capitol College. Check out this video below from Rob Fuller AKA mubix. Capitol College is my alma mater; I earned my Master of Science in Network Security there. They were an awesome host and the facilities were excellent.

Go to: DojoSec's Multimedia page for more videos.

DojoSec Monthly Briefings - April 2009 - Rob Fuller (mubix) from Marcus Carey on Vimeo.

Monday, April 6, 2009

DojoSec April at Capitol College

Capitol College was a fabulous host to DojoSec. I want to thank our sponsors Tenable Network Security and Techguard Security for their support. The Capitol College staff and speakers were awesome. A full wrap-up is on the way.

Wednesday, April 1, 2009

April DojoSec Line-up Change

Small change in the line-up but everything is set for Capitol College. Chris Gates and Vince Marvelli had a schedule conflict and will appear in the next few months. Joseph McCray has stepped up and will deliver a brand new talk that he'll debut at DojoSec.

Speaker: Joseph McCray

Title: Hacking Big Companies Without Getting Caught


This talk will focus on identifying and bypassing enterprise class security solutions such as Load Balancers, Intrusion Prevention Systems (IPSs), and Web Application Firewalls (WAFs).

Speaker Bio:

Joseph McCray is a leader when it comes to penetration testing. Joseph currently acts as Assessment Practice Manager at Rapid7 and is the founder of Learn Security Online. At Rapid7, he manages and performs Blackbox & Whitebox, Wireless, and VoIP Penetration Testing, as well as performing Social Engineering.

Tuesday, March 31, 2009

Tenable Network Security sponsors DojoSec

We are proud to announce Tenable Network Security is now sponsoring DojoSec Monthly Briefings.

Tenable Network Security is the leader in unified security monitoring and creator of the popular and award-winning Nessus® Vulnerability Scanner. Tenable provides agentless solutions for continuous monitoring of vulnerabilities, configurations, data leakage, and log analysis and compromise detection. Tenable's award-winning products are utilized by many Global 2000 organizations and Government agencies to proactively minimize network risk. For more information, please visit:

Sunday, March 29, 2009

Directions to Capitol College

April 2, 2009 - DojoSec Monthly Briefings will be held at Capitol College. Getting to Capitol College can be tricky; apparently there are two roads named Springfield in Laurel.

Monday, March 23, 2009

DojoSec Monthly Briefings - April 2, 2009

Speaker: Rob Fuller (Mubix),

Title: From Couch to Career in 80 hours


Carpe Vitam - Seize Life, it's shorter than you think. This talk is about taking the business world, cracking it open, seeing how it ticks, and putting it back together so we can get back to doing what we love. We are going to explore everything from cyber-stalking potential employers to accepting an offer letter. It's time to start hacking your career.

Speaker Bio:

Rob Fuller has been breaking computers and cheating pc games since the age of Oregon Trail where he got in trouble at school for having a million dollars at the end of his journey. Never quite fitting inside a box at 6′4”, his time in the United States Marine Corps has left him thirsty for a challenge. Rob now spends his time as a penetration tester in the Washington D.C. Metro Area.


Speaker Name: Matt Watchinski, Sourcefire

Title: 1 Byte, 5 Minutes, Holy Hot Tuna


This presentation will discuss the recent flaw in Adobe Acrobat (and Acrobat Reader). The talk will demonstrate the whole process from intelligence gathering through exploitation, mitigation and vulnerability disclosure. The reasons why the VRT decided to release a third party patch and the subsequent media coverage will also be covered.

Speaker Bio:

Matt Watchinski joined Sourcefire in 2002 as the Director of Vulnerability Research. He is primarily responsible for leading the Sourcefire Vulnerability Research Team, a group of leading-edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry. Prior to joining Sourcefire, Matt held similar roles with Hiverworld (now nCircle) and Farm9 (now Ambiron Trustwave).

Monday, March 16, 2009

Sourcefire's Matt Watchinski appearing at April's DojoSec

Matt Watchinski will be giving the keynote presentation at the April 2nd DojoSec Monthly Briefings

Speaker Bio: Matt Watchinski joined Sourcefire in 2002 as the Director of Vulnerability Research. He is primarily responsible for leading the Sourcefire Vulnerability Research Team, a group of leading-edge intrusion detection and prevention experts working to discover, assess and respond to the latest trends in hacking activity, intrusion attempts and vulnerabilities. This team is also supported by the vast resources of the open source Snort community, making it the largest group dedicated to advances in the network security industry. Prior to joining Sourcefire, Matt held similar roles with Hiverworld (now nCircle) and Farm9 (now Ambiron Trustwave).

Presentation Title: 1 Byte, 5 Minutes, Holy Hot Tuna

Presentation Abstract: This presentation will discuss the recent flaw in Adobe Acrobat (and Acrobat Reader). The talk will demonstrate the whole process from intelligence gathering through exploitation, mitigation and vulnerability disclosure. The reasons why the VRT decided to release a third party patch and the subsequent media coverage will also be covered.

Sunday, March 8, 2009

Blogging about DojoSec

I'm happy to see that many bloggers are blogging about DojoSec. My friend Dustin Fritz of The CND Group has a good blog post with pictures. Dustin and his wife are a couple of the many people that have helped DojoSec behind the scenes. Thanks Dustin.

DojoSec Monthly Briefings - March 2009 - Videos

The videos for Thursday's event are online at the DojoSec multimedia page. Here is a taste.

DojoSec Monthly Briefings - March 2009 - Marcus J. Ranum from Marcus Carey on Vimeo.

Friday, March 6, 2009

March DojoSec Monthly Briefings Wrap-up

Last night's DojoSec Monthly Briefing went extremely well. We had nearly 100 attendees and didn't run out of pizza. Last night marked the beginning of charging a fee for the monthly event. The entry fee was $1; however, many donated more than this amount. We also announced our first sponsor for DojoSec Monthly Briefings, TechGuard Security.

The presentations went well and will be up on the DojoSec site as soon as possible. Thanks to all the bloggers and twits that are spreading the word.


TechGuard Security Sponsors DojoSec Monthly Briefings

Sun Tzu Data is proud to announce that TechGuard Security is now sponsoring DojoSec Monthly Briefings (DMB). This sponsorship exemplifies TechGuard's commitment to serving the information security community's needs. I want to personally thank TechGuard's President and CEO Suzanne McGee for her belief in our grassroots efforts.

TechGuard, a women-owned, SBA 8(a) small business enterprise, was founded in February 2000 to address US Critical Infrastructure Protection and National Cyber Defense. TechGuard provides trusted and award-winning IT solutions through innovative research and development, consulting services and training for the DoD, National Intelligence, Homeland Security, Federal, Financial and Healthcare communities. TechGuardians (tm) address the current challenges of cybersecurity and privacy, specifically the problems of information management, network vulnerabilities, firewall integrity and network security concerns created by e-commerce initiatives, global Internet connections and cyberterrorism. For additional information please visit or contact Bobby Jones at 636.519.4848.

Tuesday, March 3, 2009

February 2009 - DojoSec Monthly Briefings - Videos Online

DojoSec Monthly Briefings - February 2009 - Joseph McCray from Marcus Carey on Vimeo.

DojoSec Multimedia

DojoSec Monthly Briefings - March 5, 2009 - Talk Added

I'm happy to announce we have added a talk.

Subject: Snort - The Forensic Tool?
Presenter: David Warren, CSC

Much has been published regarding the open source intrusion detection system known as Snort. What is less known is Snort's ability to read previously captured binary packet capture (PCAP) files from various network devices, process these files, and produce meaningful output for responders, analysts, investigators, and examiners. Snort users can also create customized rules and include within those rules any character-based or hexadecimal pattern of interest.
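To make the idea in that abstract concrete, here is an added example that is not code from the DojoSec post or from the Snort project. It reads a saved PCAP, applies Snort-style "content" patterns (literal text plus |hex| segments) to each TCP payload, and reports hits per flow the way a responder would want them. The two rules, their sid values, the 10.0.0.x addresses and the capture itself are constructed for this demonstration; in a real investigation you would hand the same rules and capture to Snort itself (for example `snort -r capture.pcap -c local.rules`).

```python
# Added example; not code from the DojoSec post or from the Snort project.
# Mimics what the talk describes: read a saved PCAP, apply Snort-style
# "content" patterns (text and |hex| segments) to TCP payloads, and emit
# alerts an analyst can act on. The rules, sids and capture are constructed.
import struct

# Snort equivalents of the rules applied below (hypothetical sids):
#   alert tcp any any -> any any (msg:"PE header in TCP payload"; content:"|4D 5A|"; sid:1000001;)
#   alert tcp any any -> any any (msg:"Suspicious user-agent"; content:"User-Agent: evil|0D 0A|"; sid:1000002;)
RULES = [
    (1000001, "PE header in TCP payload", "|4D 5A|"),
    (1000002, "Suspicious user-agent", "User-Agent: evil|0D 0A|"),
]

PCAP_MAGIC = 0xA1B2C3D4  # little-endian, microsecond-resolution pcap
LINKTYPE_ETHERNET = 1


def content_to_bytes(pattern):
    """Convert a Snort content string such as 'abc|4D 5A|' into raw bytes.
    Text outside |...| is taken literally; text inside is hex."""
    out = b""
    for i, part in enumerate(pattern.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return out


def iter_tcp_payloads(pcap):
    """Yield (src, sport, dst, dport, payload) for every IPv4/TCP frame."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_total = struct.unpack_from("!H", frame, 16)[0]
        tcp_off = 14 + ihl
        if len(frame) < tcp_off + 20:
            continue  # truncated header (IP options longer than the capture)
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = (frame[tcp_off + 12] >> 4) * 4
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        yield src, sport, dst, dport, frame[tcp_off + data_off:14 + ip_total]


def scan(pcap, rules=RULES):
    """Return (sid, msg, 'src:sport -> dst:dport') for each rule hit."""
    compiled = [(sid, msg, content_to_bytes(c)) for sid, msg, c in rules]
    alerts = []
    for src, sport, dst, dport, payload in iter_tcp_payloads(pcap):
        for sid, msg, needle in compiled:
            if needle in payload:
                alerts.append((sid, msg, f"{src}:{sport} -> {dst}:{dport}"))
    return alerts


def build_pcap(payloads):
    """Constructed sample capture: one Ethernet/IPv4/TCP frame per payload,
    10.0.0.1:4000x -> 10.0.0.2:80. Exists only so the script runs offline."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, payload in enumerate(payloads):
        eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        frame = eth + ip + tcp + payload
        out += struct.pack("<IIII", 1230768000 + i, 0, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = build_pcap([
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    b"GET /update.exe HTTP/1.1\r\nUser-Agent: evil\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ\x90\x00\x03",
])

if __name__ == "__main__":
    for sid, msg, flow in scan(SAMPLE_PCAP):
        print(f"[1:{sid}] {msg} {flow}")
```

Note the limits: the script matches each packet's payload on its own, so a pattern split across two TCP segments is missed, which is exactly why Snort's stream reassembly matters when you run real rules over a real capture.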

The Lineup:
iPhone Forensics - Walter Barr and Sean Morrissey
Snort - The Forensics Tool? - David Warren
Cyberwar is BS - Marcus J. Ranum

That's three awesome talks, I wouldn't miss this one. Sign up and RSVP now.

February 2009 - DojoSec Monthly Briefings - Videos Online

DojoSec Monthly Briefings - February 2009 - Joseph McCray from Marcus Carey on Vimeo.

For more videos click on the Multimedia tab.

Update on DojoSec Monthly Briefings - March 5, 2009

Thanks to everyone for making DojoSec Monthly Briefings one of the best events in the nation. Many attendees have stepped up to the plate by offering talks. Companies, particularly Tenable Network Security, have shown unbelievable support with their leadership giving talks at the events. We are pleased to see more companies offering speakers.

The mission of DojoSec is to provide an environment for people to master the art of information security. DojoSec Monthly Briefings are an example of the commitment that we are making to accomplish this goal. After much consideration we have decided to charge an entry fee for DojoSec Monthly Briefings.

Starting immediately, DojoSec Monthly Briefings will charge an entry fee of one dollar. The one dollar fee establishes DojoSec Monthly Briefings as the most affordable information security events in human history. It definitely provides "Bang for your buck!". The one dollar entry fee will be collected at the door. Attendees are free to include a donation above the entry fee to support the effort.

Attendees need to be on the mailing list.


Marcus J. Carey

Saturday, February 28, 2009

Podcast Appearances

I had the pleasure of being a guest on two security podcasts this week. Wednesday night I was a guest on the Securabit podcast. I talked to the Securabit crew about the future of the Sumo Linux Project. Thursday night I was a guest on PaulDotCom Security Weekly. I did a technical segment on imaging memory called Memory Analysis: The Good vs. The Bad.

I will be talking more about both appearances soon.

Thursday, February 19, 2009

DojoSec Monthly Briefings - March 5, 2009

We are proud to announce the next DojoSec Monthly Briefings on March 5th, only two weeks away!

We have a GREAT line-up of dynamic speakers, including Marcus J. Ranum, Walter Barr, and Sean Morrissey. Please be sure to mark your calendars and tell your friends!

Topics will include:

Marcus J. Ranum - Cyber War is B!)*&#!

There has been a great deal of irresponsible and inaccurate talk about "Cyber War" in the last decade in spite of the fact that it's technologically and militarily impractical. Its counterpart, "Cyber Espionage" makes a bit more sense, and is less mythical but falls under the category of "nothing new." In this presentation we'll look past the hype at the reality of "Cyber War".

Walter Barr & Sean Morrissey - iPhone Forensics

This presentation explains the various ways to copy all data off of iPhones and the tools used to view the data. With the increased sales of iPhones across the United States and Europe, the number of iPhones that hold evidence in investigations will increase substantially. These tools include AccessData FTK, Guidance Software EnCase, X-Ways Forensics, Subrosasoft Mac Forensics, Black Bag Technologies Forensic Suite, and Paraben Device Seizure.

Some of the great advancements we are in the process of making are:

1. Revamping the website (posting videos, papers, blogs, etc.)
2. Looking for topics that are important to you. Please let us know which topics you would like to know more about.
3. Roundtable discussions between industry experts

As a community of security professionals, we are dedicated to bringing you the best and brightest minds in the industry.

Tuesday, February 17, 2009

Follow DojoSec on Twitter

Twitter is being used by many organizations to keep people up to date on events. DojoSec will be providing information on all its events via Twitter. DojoSec can be followed on Twitter @dojosec.

People can also sign up for our newsletter to register for DojoSec Monthly Briefings.

Tenable's Marcus Ranum appearing on March 5, 2009 - Columbia, Maryland

Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall and the implementer of the first commercial firewall product. Since the late 1980s, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR.

Since joining Tenable in 2004, Mr. Ranum has been Chief Security Officer at Tenable, maker of the world renowned Nessus Vulnerability Scanner and Unified Security Monitoring enterprise solution. At Tenable, Mr. Ranum is responsible for research in logging tools, product training and product/best practice evangelism. In addition, Marcus is instrumental in the design of Tenable's Unified Security Monitoring enterprise solution.

Prior to Tenable, Mr. Ranum had served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community, and the ISSA Lifetime Achievement Award. Mr. Ranum was most recently senior scientist at Trusecure Corp., an international risk management firm. He serves as a technology advisor to a number of start-ups, established concerns and venture capital groups.

Tuesday, February 10, 2009

The Next Generation of Security Professionals

Wow, Shmoocon 2009 was great! I made a short post a couple of weeks ago about the value of Twitter. Shmoocon solidified my belief in Twitter. I met several Security Twits at Shmoocon and I found that we already had rapport based on tweets (messages on Twitter).

The thing I take away from Shmoocon is how refreshing it was to see the next generation of security professionals. I honestly learned more outside in the hallways and firetalks than in the official accepted talks. It was an unbelievable networking opportunity. This is coming from someone who tweeted, "Why do people go to hacker conferences?" a while back.

I made the most of the opportunity and met as many people as possible. I made many connections at Shmoocon that I know will last long-term. There are plenty of hard-working "hackers" that are just as concerned about security as any "CISSP" I've ever met. These are brilliant people who don't necessarily conform to conventional wisdom.

Now, that's my type of people. These people are the future of national security and we need to listen to them in order to defend our country, seriously. I look forward to attending more "hacker" cons in the near future.

P.S. Props to Mubix for setting up Podcasters Meetup and Firetalks.


Monday, January 26, 2009

Safest Way to Surf: The Two Browser Method

The safest way to surf the web is a two-browser method. In my opinion there are two types of websites: semi-trusted and untrusted. Notice I failed to mention "trusted"; trusted websites don't exist. In this post I will explain how users should utilize different browsers when surfing the Internet.

The semi-trusted websites are sites such as corporate intranets, Google, and Gmail, just to name a few. These are sites that have only a remote chance of serving malicious content. With these semi-trusted sites, I am comfortable using browsers such as Safari and Internet Explorer.

Semi-trusted websites are the types that you use for work or personal business. Always remember that your credentials may be cached in your browser. This means the browser may hold usernames, passwords, and logged-in session cookies which, if compromised, could result in the loss of personal or corporate information. In order to avoid this loss, I recommend that you do all other web surfing to untrusted sites in Firefox.

Firefox is great because of all the add-ons. NoScript is a great add-on that mitigates some malicious attacks. NoScript is nothing new to many security professionals; it blocks JavaScript (and plugins such as Flash and Java) from executing in your browser unless you have explicitly allowed the site. I use Firefox and NoScript for all web browsing outside of my semi-trusted sites.

The two-browser method keeps all potentially cached information separate in each browser. If NoScript fails to prevent an attack, I don't have any important credentials or live sessions in my Firefox profile for the attacker to steal or ride. This is not perfect, but it makes it harder for drive-by attacks to compromise confidential information just by browsing the Internet.

One last tip:

Do not copy information such as credit card numbers to your clipboard, i.e. Ctrl-C.

Some browsers have let a web page's script read the clipboard, so attackers can easily grab this information from your browser!!