Author

 John Strand
Twitter
RSS
E-Mail

Profile of John Strand

SANS Senior Instructor & Owner, Black Hills Information Security
News & Commentary Posts: 3

John Strand is a senior instructor with the SANS Institute. He teaches SEC504: Hacker Techniques, Exploits, and Incident Handling; SEC560: Network Penetration Testing and Ethical Hacking; SEC580: Metasploit Kung Fu for Enterprise Pen Testing; and SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education. John is the course co-author of SANS 504: Hacker Techniques, Exploits, and Incident Handling.

When not teaching for SANS, John co-hosts Security Weekly, the world's largest computer security podcast. He is the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. He is also the author of Offensive Countermeasures: The Art of Active Defense. He has presented for the FBI, NASA, the NSA, and at DefCon. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing

John Strand is a senior instructor with the SANS Institute and course author of the SANS SEC550: Active Defense, Offensive Countermeasures and Cyber Deception course (Bryce Galbraith is the lead instructor for SEC550).

Articles by John Strand
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20009
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVE-2018-20010
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVE-2018-20011
PUBLISHED: 2018-12-10
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
CVE-2018-20012
PUBLISHED: 2018-12-10
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
CVE-2018-20015
PUBLISHED: 2018-12-10
YzmCMS v5.2 has admin/role/add.html CSRF.