<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Chris Dale</title><description>Offensive security, incident response, and attack surface management.</description><link>https://chrisdale.no/</link><item><title>Coaching Singapore&apos;s HTX teams to top-5 finishes at DEF CON 32</title><link>https://chrisdale.no/posts/coaching-htx-at-def-con-32/</link><guid isPermaLink="true">https://chrisdale.no/posts/coaching-htx-at-def-con-32/</guid><description>What it actually means to coach a CTF team: coordination, challenge triage, and knowing when to sit down and grind the hard ones together.</description><pubDate>Tue, 07 Jul 2026 00:00:00 GMT</pubDate></item><item><title>Deception concepts: the elements of deception</title><link>https://chrisdale.no/posts/deception-concepts-elements-of-deception/</link><guid isPermaLink="true">https://chrisdale.no/posts/deception-concepts-elements-of-deception/</guid><description>Deception is not just for attackers. Four abstractions (NEDI, NEFI, EEDI, EEFI) to structure defensive deception planning.</description><pubDate>Wed, 16 Nov 2022 00:00:00 GMT</pubDate></item><item><title>Security misconceptions</title><link>https://chrisdale.no/posts/security-misconceptions-2020/</link><guid isPermaLink="true">https://chrisdale.no/posts/security-misconceptions-2020/</guid><description>A SANS@MIC talk on the pits and fallacies we fall into while advising ourselves and others in information security.</description><pubDate>Thu, 07 May 2020 00:00:00 GMT</pubDate></item><item><title>Smart house attack vectors</title><link>https://chrisdale.no/posts/smart-house-attack-vectors/</link><guid isPermaLink="true">https://chrisdale.no/posts/smart-house-attack-vectors/</guid><description>Beyond WPA2 and a firewall: WPS, pre-compromised LAN hosts, evil-maid USB attacks, weak ISP routers, leaked credentials, and sub-GHz radio protocols.</description><pubDate>Mon, 09 Oct 2017 00:00:00 GMT</pubDate></item><item><title>Case study: breaking into the smartest smart house</title><link>https://chrisdale.no/posts/breaking-into-the-smartest-smart-house/</link><guid isPermaLink="true">https://chrisdale.no/posts/breaking-into-the-smartest-smart-house/</guid><description>A live hack of Norway&apos;s smartest home for NRK: from the parking lot onto the LAN, through a HomeSeer zero-day, and up to the production controller.</description><pubDate>Wed, 04 Oct 2017 00:00:00 GMT</pubDate></item><item><title>Cipher and password bruteforcing with OpenSSL</title><link>https://chrisdale.no/posts/cipher-and-password-bruteforcing-with-openssl/</link><guid isPermaLink="true">https://chrisdale.no/posts/cipher-and-password-bruteforcing-with-openssl/</guid><description>A small shell loop to bruteforce unknown OpenSSL cipher and password combinations, plus using Hashcat rules to build the wordlist.</description><pubDate>Sat, 27 Aug 2016 00:00:00 GMT</pubDate></item><item><title>An Azure zero-day XSS with sandbox escape</title><link>https://chrisdale.no/posts/azure-zero-day-xss-with-sandbox-escape/</link><guid isPermaLink="true">https://chrisdale.no/posts/azure-zero-day-xss-with-sandbox-escape/</guid><description>Chaining a command injection into a stored XSS that jumps from a compromised SaaS site to the Azure administrator through the Kudu console.</description><pubDate>Fri, 19 Aug 2016 00:00:00 GMT</pubDate></item><item><title>Fifteen tips on producing good documentation</title><link>https://chrisdale.no/posts/fifteen-tips-on-producing-good-documentation/</link><guid isPermaLink="true">https://chrisdale.no/posts/fifteen-tips-on-producing-good-documentation/</guid><description>Practical rules for documentation that actually gets written and stays useful: keep it simple, write in English, never store passwords, and update as you go.</description><pubDate>Thu, 03 Sep 2015 00:00:00 GMT</pubDate></item><item><title>Finding zero-day XSS through document metadata</title><link>https://chrisdale.no/posts/finding-zero-day-xss-via-document-metadata/</link><guid isPermaLink="true">https://chrisdale.no/posts/finding-zero-day-xss-via-document-metadata/</guid><description>Embedding XSS payloads in EXIF and document metadata, and using the technique to find zero-days in image-sharing sites and WordPress.</description><pubDate>Thu, 04 Dec 2014 00:00:00 GMT</pubDate></item><item><title>My reflections as a CISO</title><link>https://chrisdale.no/posts/my-reflections-as-a-ciso/</link><guid isPermaLink="true">https://chrisdale.no/posts/my-reflections-as-a-ciso/</guid><description>Moving from techie to security leader: staying visible, not being the dust boy, and avoiding the security roller-coaster of budget cuts.</description><pubDate>Sat, 04 May 2013 00:00:00 GMT</pubDate></item><item><title>Is social engineering an actual threat?</title><link>https://chrisdale.no/posts/is-social-engineering-an-actual-threat/</link><guid isPermaLink="true">https://chrisdale.no/posts/is-social-engineering-an-actual-threat/</guid><description>Why social engineering keeps working, the psychological levers behind it, and classic examples including the HBGary hack.</description><pubDate>Sun, 23 Dec 2012 00:00:00 GMT</pubDate></item><item><title>XSS explained</title><link>https://chrisdale.no/posts/xss-explained/</link><guid isPermaLink="true">https://chrisdale.no/posts/xss-explained/</guid><description>The three ways to deliver a Cross-Site Scripting payload, the attack vectors that make it dangerous, and a short history of XSS in the wild.</description><pubDate>Sat, 06 Oct 2012 00:00:00 GMT</pubDate></item><item><title>One word for the most important security solution</title><link>https://chrisdale.no/posts/the-most-important-information-security-solution/</link><guid isPermaLink="true">https://chrisdale.no/posts/the-most-important-information-security-solution/</guid><description>Scraping a LinkedIn word game where infosec professionals named the single most important thing in security, and visualizing the answers.</description><pubDate>Sat, 12 May 2012 00:00:00 GMT</pubDate></item><item><title>Enumeration with sqlmap</title><link>https://chrisdale.no/posts/enumeration-with-sqlmap/</link><guid isPermaLink="true">https://chrisdale.no/posts/enumeration-with-sqlmap/</guid><description>Using sqlmap to enumerate databases through a SQL injection, what enumeration means in a pen test, and how the attack looks in the server logs.</description><pubDate>Fri, 11 May 2012 00:00:00 GMT</pubDate></item></channel></rss>