John Pierce

CISSP, SLAE, Security+

About me

I've been working with personal computers since just after the Apple IIe was released. My first big projects were on an 8086-based machine (TI actually produced a PC with that chip, a true 16-bit bus!) running at 4.77 MHz with two 5.25 inch floppies and 256 KB of RAM. Now my primary has terabytes of disk storage, 16 gigabytes of RAM, a quad core processor and 30 megabit access to virtually limitless information on the Internet. These are resources I couldn't imagine when I started out. It's amazing what changes have occurred.

I started programming in dBASE II in the early 80's, graduating to assembly in the mid-80's. Most of my work was in economic modelling, with some hobby stuff on the side. Over the years, I've programmed in assembly, Lotus, dBASE II/III, Clipper Summer 87, Clipper 5, Access, C, Pascal, Perl, Python, and a little bit of C++. In the early 90's I actually visited the first web site at CERN through a text only Internet account via 2400 baud modem.

Over the years, I've worked in a lot of industries: construction, oil and gas exploration, small business startup/workout consultant, personal financial planning, investment banking, as an artist, adjunct professor in forensics, network security, and system maintenance, and most recently, training medical practitioners in the use of electronic health records software. Whether as a primary job function, or when I was an artist, just as a hobby, I've consistently enjoyed keeping up with computer technology and trying to get computers to do what I want. I've always been looking under the hood, seeing if I could figure better, faster ways to do things. It morphed into trying to get them to do what they aren't expected to do, and protecting from same.

In my experience, it’s easy to get too wrapped up in digital. It’s important to my sanity that I have other interests. Spending time with family, travel, cooking and art are mine.

This is my family.  I'm the one on the left, and I used to be taller :).

Postscript: You may have read my review of the SecurityTube Linux Assembly Expert course and seen a mention of dissatisfaction with the eLearnSecurity course. You may also have noted that I do not use the eCPPT designation. I did pass the exam, and was rewarded the eCPPT certification. I place little value on it, however, and have decided not to list it. Unless eLS questions my commentary, I will not review their course with supporting documentation. They did refund most of my fee after I supported all of my allegations to Armando.

Most Recent Articles

This is a writeup of the format string vulnerability in level 4 of the 64bitprimer VM from vulnhu

Installation of the software to make a yubikey 4 work in FIDO U2F mode on Debian Jessie i386

Lesson(s) learned

This one stumped me. Overall, it was a great competition for me as I got to learn a whole lot of new things. I had never worked on a Mac, other than as a user, had never used Hopper, lldb or any of the other tools for reversing on a Mac, and haven't got any experience in the Objective C/Swift framework.

4 rounds, lots of debugging

Videos

Categories: Network security, Videos

Explains the workings of a DMZ, walks through setting up and testing of a DMZ in a virtual machine lab environment

Categories: Network security, Videos

In this video I go through the process of setting up an SSH tunnel to hide an IP and also setting

Categories: Exploits, Videos

Useful for someone who is interested in what a buffer overflow is. Does not go into the details of development, just explains generally and demonstrates the use of one.

Categories: Exploits, Videos

A demonstration of a vulnerability discovered and published by Muts in 2004, exploited on a Windows XP SP3 machine using Python, Immunity Debugger, and Metasploit.

Categories: Network security, Videos

In this video I demo some simple iptables rules and show how to perform network traffic analysis to test them out.