There are four phases in a project destined for the product graveyard. If we recognize this, the life we save just might be our own security product.
Watch more videos on my YouTube channel.
Know the bad guys: Dracula, the Mummy, the Invisible Man. Wait. Back up and start over. Script kiddies, insider threats, hacktivists, organized crime, and nation states.
Sometimes honeypots are corporate ready. Other times, honeypots are just for fun. We’ll talk through what’s what and introduce MTPot, the honeypot for the Mirai botnet.
https://github.com/CymmetriaResearch/MTPot/blob/master/MTPot.py
Predicting the future of ransomware by looking at its past. History and sociology are a way to evaluate our security controls.
Stephen Covey has the circles of concern and circles of influence. Daniel Kahneman has fast and slow thinking. And I have a headache from staying up too late watching the election results. Today, we’ll cover how to balance the need for information such that we don’t leap to decisions or become fixated on gathering facts and figures.
When most of our apps are in the cloud, we can’t do penetration testing. I mean, we could. But it would violate the Software-as-a-Service terms of service at a minimum. We need to turn to vendor risk management. Here’s what’s next.
At Black Hat Europe, researchers announced an undetectable rootkit for PLCs (Programmable Logic Controllers). You should read up on it. But this morning’s thoughts aren’t on that. They’re on how to detect the undetectable.
Today’s denial of service attacks are multi-vector. And so while Mirai is getting all the attention, it’s important to consider the plan Bs and plan Cs for DDoS. Take, for example, open redirects in Web apps.
Microsoft Exchange and Outlook Web Access feature two-factor authentication. A password. A token. But it turns out Web Services doesn’t. And this means we can bypass 2FA. Here’s the attack and defense.
RAND releases a study: Examining the costs and causes of cyber incidents. It estimates the impact of security incidents as a percentage of an organization’s revenue. Some thoughts.