self + home + blog + projects

Jonathan (jcran) Cran

Bio

I'm the Director of Quality Assurance and an engineer with the Rapid7 Metasploit team. Day-to-day I'm focused on building quality into both the commercial and open source products. I've been with Rapid7 for over three years and have performed penetration tests, security consulting and holistic security assessment across a wide range of verticals, including financial, government, and retail. I've also been heavily involved in the open source and security communities for about five years, and i'm now an advisor for the SOURCE Boston conference (check it out!). Before that, i was a developer and network administrator at Iowa State University. If you'd like to know more about what i'm working on, you can follow me on twitter or keep an eye on the blog.

Ramblings

woot, officially done at rapid7! on to the next big thing :D

RT @thedarktangent: Get your #DEFCON 20 CFPs in! You have 11 days left. I want your coolest stuff, worthy of a 20 year anniversay and the...

The times they are a-changin

RT @briankrebs: human rights, foreign policy sites hacked, seeded with Flash and Java exploits http://krebsonsecurity.com/2012..., including CVE-2012-0779

RT @n00bznet: RT @WolfpackAlan Every 60 seconds in Africa, a minute passes. < the clock is ticking

Infosec insanity: Conference Angst http://infosec-insanity.blogspot.com/2012...

ugh

RT @mikko: The F-Secure Mobile Threat Report Q1/2012 is out: http://www.f-secure.com/weblog...

http://t.co/xhHDnaaO courtesy of @thelightcosine

RT @mikko: 11 years after Code Red, eEeye sold to BeyondTrust. @marcmaiffret to become the new CTO of BeyondTrust. http://www.darkreading.com/vulnera...

RT @ChrisJohnRiley: [SuggestedReading] IAmA a malware coder and botnet operator http://origin.reddit.com/r...

RT @todb: Time for the weekly #Metasploit update! Read up and fetch it from here: https://community.rapid7.com/communi...

RT @indi303: Some awesome reading for those of you who are interested in quantifying/qualifying attack paths http://sunset.usc.edu/csse...

RT @dacort: I like this approach. http://xkcd.com/1053/

new github icons #donotlike


RT @pengwynn: Current status: http://bukk.it/pewpoca...

RT @SOURCEConf: Mobile Penetration Training with @quine and @jonoberheide will run at #sourceseattle - http://www.sourceconference.com/seattle...

RT @n00bznet: RT @digininja Pipal analysis of the Twitter password leak http://www.digininja.org/project... <~ hooray for Pipal, standard password analysis

a simple way to build page object models with capybara: https://github.com/natritm...

RT @bcran: Genius. http://www.quiterly.com/wp-cont... < i know what i'm having for lunch


RT @jeremiahg: OMG, Facebook "Likejacking" (aka Clickjacking) makes AdscendMedia $20M! Settles lawsuits for $100K http://www.itworld.com/it-mana...

RT @egyp7: New #metasploit blog post about running executables from memory with meterpreter: https://community.rapid7.com/communi...

hah "javaSucksBecauseItMakesMeCatchEverythingFuckingThing.printStackTrace();"

RT @csoghoian: Cloud backup service @SpiderOak publishes transparency report w/ stats on gov requests. Wish @Dropbox followed suit....

RT @jeremiahg: "FBI: We need wiretap-ready Web sites - now" http://news.cnet.com/8301-10... < isn't this called a warrant?

RT @timoreilly: Really excellent piece about how to think about the value of Facebook's data and social network assets http://blogs.wsj.com/cio...

RT @dumpanalysis: Rosetta Stone for Debuggers is under inscription http://www.dumpanalysis.org/rosetta... Thanks to @jduck1337 and @jcran << :D

checking out @Thefuturefm's deep house channel - love it


more