A quarter of a million computers were flash ransomed last Friday, May 12, 2017. It’s the WannaCry malware (or WannaCrypt, or WanaCrypt0r, or Wanna Decryptor) and it’s now so infamous it already has its own Wikipedia page. In this first video, I’ll lay out the exploit and attack.
Watch more videos on my YouTube channel.
RSA Conference 2017. Protect, prevent, encrypt: an approach on how to identify and document the business processes, convert threat intelligence into actionable threat models and strategically deploy encryption controls.
Watch more videos on my YouTube channel.
Converge Detroit 2017. They make it sound easy. Identify data assets. Assess threats. Protect it. Encrypt it. In theory, sure. In practice, not so much. Besides, what does a real attack look like? Encryption, as with any security tactic, quickly becomes complex and diffuse without a unifying strategy. The question of how it protects the organization’s mission must be answered. And what about threats and criminal activities? This session details how to identify and document the business processes, convert threat intelligence into actionable threat models, and strategically deploy encryption.
Watch more videos on my YouTube channel.
Hijack the software update process to install malware? Well. That’s plain evil.
Watch more videos on my YouTube channel.
Thoughts on FedRAMP and the requirements around testing specific attack scenarios.
Watch more videos on my YouTube channel.
Phishing for app tokens? Sure, why not. The recent Google Docs phishing campaign may be the harbinger of things to come
Watch more videos on my YouTube channel.
Few things feel quite as cyberpunk as hacking drones and flying robots. So I was excited when a security warning was posted about the DBPOWER U818A WIFI drone. Turns out, this offers us a good lesson in securing products.
Watch more videos on my YouTube channel.
A few things to consider when selecting a CyberSecurity insurance policy.
Watch more videos on my YouTube channel.
The new version of Kali is out, with a few new enhancements including AWS and Azure instances. This begs the question: are we securing our red team tools? Couple stories today about the red team being toyed with due to unsecured Kali setups.
Watch more videos on my YouTube channel.
DMZs, demilitarized zones, screened subnets, bastions networks, whatever you call it. We have two firewalls, one Internet facing and the other internal facing. How do hackers bypass this secure setup?
Watch more videos on my YouTube channel.