If you’re a developer, the task of building secure software can seem to be daunting. Vulnerabilities are a bane of large complex software projects, and companies like Microsoft spend millions to try to address them. This shouldn’t be a surprise, but since it’s popular to claim everything is hackable and nothing can be secure, it’s worth spelling out: Remote code execution vulnerabilities are not hard to prevent if developers follow a few simple, practical rules from the start, since they basically always fall into the below categories.

At BSides San Antonio this year, I gave a talk on Red Teaming the CCDC, including the CCDC red team year-end highlights, lessons learned, and all the secrets we’ve been hiding from the regional qualifiers to the national finals. I covered how we hacked and hid from the most paranoid student sysadmins in the nation, […]