John and I welcome you to the new ThreatLogic blog!
I hope you're not expecting too much from the first post. I'd just like to tell you a little about us and how ThreatLogic, and this blog, came to be.
In January of 2016, I was studying for the GPEN exam after just finishing the SANS SEC560 Network Penetration Testing and Ethical Hacking course that John had taught, mentor-style. I had really enjoyed the past three months honing my command line skills and learning the tools and methodology for network pen testing, and I really didn't want it to end. I also felt compelled to help others get this same euphoria from learning these skills and being able to actually "pop" servers themselves.
I mentioned this to John either over coffee or a beer, and we started pitching pen test ideas to friends and family. It didn't take long before we had our first customer! Now, here we are in July six months later with a company, a website (and blog), and are almost finished with our first pen test as ThreatLogic.
We've had plenty of blog-worthy experiences in just creating this company, and we'll definitely share a few of those here. But I'm sure every few weeks you'll see technical tips and techniques that we discover or extend in our own testing engagements and individual research as well as links to articles that we find interesting with a short commentary from us. The ThreatLogic blog, and John's personal blog 909research.com are just two of the outlets we use to share these experiences and perspectives with fellow hackers and infosec wannabes alike.
You’ll also find the latest & greatest news on everything about ThreatLogic as we grow and learn. So bookmark this blog, email to a friend/colleague or add our RSS feed, and let’s get the word out about ThreatLogic. Of course, we’d love to have your feedback and what you want to see discussed (and showcased) in the future. Just use the Contact page to reach us.
And, we're off!
-Chris
Chris Baker is one of ThreatLogic's founders and has expertise in web and mobile application security, vulnerability management, network security, data loss prevention, host protection, incident response, risk management, and digital signatures in addition to many other interests outside of information security.