KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

TRAFFICCAM – Watching the world…

Note:  The following is all hypothetical and in no way is a representation of what is currently in use, was in use in the past, or will be in use in the future. Imagine you have a video camera.  Imagine that camera is not only a single point of view camera, but can actually take…

Windows 10 Privacy Advocate – Released on GitHub

Windows 10 Privacy Advocate has been released as an open-source project on GitHub.  The project aims to allow Windows 10 users to take back some of their privacy. With the release of Windows 10, many new forms of tracking have been included.  Everything from tracking what sites you visit, how many times you visit them,…

Hacking Chili’s ZIOSKs (Not just Chili’s)

Background: In 2013 Chili’s and Applebee’s started installing ZIOSK tablets at all of their restaurants.  These tablets allow patrons to order, request drink re-fills, view the menu, view websites, and pay the bill.  These little tablets are a good way to give patrons a little more control over their end-of-dinner timing and get out of the…

Five Things I Want to See in 2015

Well, we spun around the sun once again and are back where we started.  It is now 2015.  I am excited to see what this year will bring.  There are many changes in information security coming and many issues we will need to address this year.  Here is a list of InfoSec-related things I…

How Not To Use CloudFlare

For those that don’t know what CloudFlare is, please review their home page.  The basic idea behind CloudFlare is a reverse proxy that allows CloudFlare to protect websites from Denial of Service attacks, cross-site scripting, and a variety of other attacks. The important thing you have to realize, though, is that any information about a site’s…

Regarding the Sony Hack…

Okay, I have to be careful how I write this and how much to say.  I don’t mean to make that sound exaggeratedly clandestine, but by the very nature of information security, it makes sense not to disclose everything that is not public already. But… let’s get this show on the road. Sony was not…

Blind SQL Injections

This PDF is a paper I wrote in 2012 demonstrating different blind SQL injection methods on different database platforms.  The information for Oracle is theoretical, due to my limitations at the time of platforms available for testing.  If I have the time, I will try to verify the Oracle method soon. The document covers blind…
