Keynote at Security BSides Charleston (BSidesCHS) on the rules we’ve created and the problems we’ve created when transitioning InfoSec from a hobby to a profession.
Watch more videos on my YouTube channel.
Archive for the ‘Blogs’ Category
Stuck in Traffic – Tricking Password Managers
Posted byResearchers trick password managers on Android phones into sharing passwords. This has implications for the future of AI-on-AI phishing.
Watch more videos on my YouTube channel.
Stuck in Traffic – ATT&CK Security Exercises
Posted byCreate security exercises using story telling, threat modeling, and the ATT&CK framework.
Watch more videos on my YouTube channel.
Stuck in Traffic – Ransomware on the Decline
Posted bySome statistics and data points on crime. Where should we focus our defense?
Watch more videos on my YouTube channel.
Stuck in Traffic – Benefits of Bug Bounties
Posted byOne benefit from bug bounties, with a classic example of the Google Calendar hack.
Watch more videos on my YouTube channel.
Bounty Hunters at GrrCon 2018
Posted byBounty hunters, those keyboard cowboys, bent on circumventing protections and leveraging mistakes in software. All for coin, swag, and glory. But bug bounty programs are the latest attempt to find and stamp out code-level weaknesses. We’ve tried education. We’ve tried coding guidelines. We’ve tried top tens and paid penetration testers. And now we turn to the lone hunter, hoping to find and close just one more vulnerability. This session will highlight some achievements in recent times by these bounty hunters. And stepping back, thinking about defensibility, a framework and approach for building stronger software will be shared. After all, anyone writing code today lives with a price on their head.
Watch more videos on my YouTube channel.
Stuck in Traffic – Elderly Driver Edition
Posted byA support scam provides a case study in why we need to talk to our parents about cyber security.
Watch more videos on my YouTube channel.
Stuck in Traffic – Bypassed Multi-factor Loses Cryptocurrency
Posted byControls are only as good as the people behind them. Example? A SMS multi-factor authentication, a phone company, an investor, and $23 million in cryptocurrency.
Watch more videos on my YouTube channel.
Stuck in Traffic – Honepots and Distractors
Posted byWhat’s the one thing most people get wrong when setting up their first honeypot?
Watch more videos on my YouTube channel.
Stuck in Traffic – Test Data Feedback
Posted byTwo tips I received on Twitter about yesterday’s video on securing test data.
Watch more videos on my YouTube channel.