Welcome to Matasano Chargen

Matasano Chargen is a blog about information security. We write. A lot. We try to keep the content to the kinds of things that we’d like to read ourselves. You can just go to the blog here, or subscribe to us via RSS.

We have several “beats”:

• Internal Security. We test internal applications. Things that aren’t normally deployed in front of firewalls simply haven’t been tested. Starting posts: “Radioactive”, “Tick-NAC-Doh!”.

• The Security Industry. Its oft-predicted demise has been fertile ground for us. Starting posts: “Do We Suck?”, “We Don’t Suck Enough!”.

• Full Disclosure. We find lots of vulnerabilities. Disclosing holes is a minefield. Starting posts: “How To Manage A Security PR Nightmare”, “Five Cheap Tips For Handling Security Flaws”, “Vulnerability Research In Numbers”, “Phreakonomics and Vulnerability Markets”.

• OS X Security. Our team has standardized on the Mac. We do Apple security research. Starting posts: “Apple Patch Tuesday Roundup”, “Ancient Flaws Leave OS X Vulnerable”.

• Security Testing Tools. Something we’re proud of: we write custom test tools to complete engagements. We want to know what we’re talking about, not just guess. Starting posts: “KARMA’s a Blast”, “Screenplay to the Movie: Metafuzzing”, “Deezee” (best tool ever), “Shell-Script ASN.1”.

• Reverse Engineering. We reverse protocols so we can test them. We reverse code to help us figure out protocols. Starting posts: “Recovering Keys from Process Memory”, “Why I Love Vulnerability Analysis in 2005”, “Reversing is Easier Than You Think”.

• And Our Peabody-Award-Winning Series: This Old Vulnerability.