News


  Max Jensen

  Day Trader & Security Researcher

    All news will be posted here

    Did you knew - Without hackers

    there will be no IEEE 802.11?

    Security Blog


    A little experimenting within Backtrack is also a big part of what I'm having fun with, regardless of it's might being going for the root, or just for curiosity of auditing the network. There are many opportunities an malicious attacker can take advantage of such situations, and I'm thinking out side the box, to do something that might are able to preventing such kind of things - by defending my self and surounders!

    Familiar with RFID?


    If you want to make some messurements and get a hang on how far your frequences are reaching, then it's also essential to remember where your pointing is at


    I'm familiar with RFID, and has been using it to develop my own methods to increase such Things as WiFi length, WiFi Jammer, or even something Ad-hoc.

    Being active within IT-security is essential for anyone in the field you and I got might in common. I stay updated with reading books regardless of my interest and curiosity of staying updated all the time. This book is an essential for any person within InfoSec.


    I found that Secrets & Lies, provide great prespective on the modern world within Cyber Warfare and so on.

    Standford University


    Cryptography Course Completed! - Certification by Dan Boneh, Professor at Standford.


    - View the certificate on the   

      About tab


    Some of my favorite moments

    Analysing 3rd party shellcode with Libemu
    Exploiting Memcpy() within a simple TCP echo server on WinXP SP3:
    - Meterpreter shell style
    Using Railgun within Meterpreter to invoke a syscall that locks the client workstation
    Exploitation from AoE - Web Server:
    I was calculating about how large my NOP sled should be and allign the 78-byte shellcode, since the buffer was 500 bytes I knew that I had a chance to get control over the program execution - and thereby exploited the web server!
    How System Calls work:
    I learn stuff by drawing them down on my whiteboard.
    Exploitation of FreeSSHd - example
    Adding debugging content to exsisting programs and Stripping it afterwards

      Strategies & 

      Cyber threats!




     Ethical hacking, has become more

      popular over the world, and as well

      I'm living my dreams out upon security

      threats!. To prevent against the

      recently updated security vulnerabillities

      exposed by OWASP, exploit-db,

      packetstormsecurity, 1337day etc.





    Currently I'm avaliable to new job opportunities within InfoSec.

    If you find my profile relevant, you can contact me by mail, and he will gladly respond to every mail ASAP:


    Max@maxjensen.dk


    As shown below, some methods to implement in a company to secure against security threats, or even on personal usage.


         OpenTC strategies

        Cryptographics

        Shell & Physical security

        Social Engineering tecniques

        RFID insecurites

        IPS/IDS, Firewall restrictions

        IT-security politics


    As shown, a different methods of preventing against exploits build upon vulnerabilities, are to be broken down in concepts.


    OpenTC, stands for Open Trusted Computering, which is a great way for securing against attacks, but is not the only solution to be done.

    ModSecurity is also some set of security which can be implemented, but should be restricted.


    Iptables is commonly used as a Linux firewall, and can allow a lot of security impelementations, to make sure you will keep malicious users out.

    You do not want to make the job easier for the attacker than given.

    User accounts should be restriced, and should think out-of-the-box, to ensure quality, permissions has to be set as with precaution!.


    Cryptographics, should be used when deliver an internal/external message to a client, within gpg, comming by default in Linux, this should be used to send messages, and also replace the files, to confuse the attacker, if the OS were to be compromised.


    As Max commonly saying, to people who are not aware of security, and how it should be handeled -

    You should treat shell access, as it were physical access.


    Social Engineering tecniques, should also be taken seriously!.

    This is a great threat to a company, if were (e.g. Attacker got into the IT comapny building, droping off a infected USB, carrying a rootkit on it, that has a payload to execute when opened upon a computer).

    You got to make the personnel aware of several SE attacks.


    RFID Insecurities, is something, which not many companies has taken seriously. But hey comon, if an attacker were desperate, he could deploy an attenna from Yagi-Uda 2,412GhZ, and start deauthenticating victims, becomming the man in the middle! - while you might not knowing, the next step were to sniff your password!, or to do some other privilige escalations.


    IPS/IDS, Firewall restrictions, as mentioned firewall for Linux, such as Iptables, you could do a lot of things with this!. But it's a great start. IPS/IDS, are usually good, but in some advantages, it's giving false alarms. This might be usfull for some sys admins though, to check the log. But at the end of the day, if that's get's the job done, then everyone is happy right?. Snort, Kismet is to be mentioned, when doing some security researcing on the network.


    IT-security politics, is bascially the main reason on securing a company / private use. Let's face it. there is nothing such as 100% security nowadays. Security is divided up in layers. The main factor here is, there will always be vulnerabilities, since there will always be humans involved. Companies need to focus on what is satisfying them, upon security messurements.

    Copyright  - Max Jensen ©  All Rights Reserved