Researchers trick password managers on Android phones into sharing passwords. This has implications for the future of AI-on-AI phishing.
Watch more videos on my YouTube channel.
Archive for September, 2018
Stuck in Traffic – ATT&CK Security Exercises
Posted byCreate security exercises using story telling, threat modeling, and the ATT&CK framework.
Watch more videos on my YouTube channel.
Stuck in Traffic – Ransomware on the Decline
Posted bySome statistics and data points on crime. Where should we focus our defense?
Watch more videos on my YouTube channel.
Stuck in Traffic – Benefits of Bug Bounties
Posted byOne benefit from bug bounties, with a classic example of the Google Calendar hack.
Watch more videos on my YouTube channel.
Bounty Hunters at GrrCon 2018
Posted byBounty hunters, those keyboard cowboys, bent on circumventing protections and leveraging mistakes in software. All for coin, swag, and glory. But bug bounty programs are the latest attempt to find and stamp out code-level weaknesses. We’ve tried education. We’ve tried coding guidelines. We’ve tried top tens and paid penetration testers. And now we turn to the lone hunter, hoping to find and close just one more vulnerability. This session will highlight some achievements in recent times by these bounty hunters. And stepping back, thinking about defensibility, a framework and approach for building stronger software will be shared. After all, anyone writing code today lives with a price on their head.
Watch more videos on my YouTube channel.