Stuck in Traffic – Hiding in the Noise

When business activities drive up entries in the logs, it creates noise for adversaries to hide in.

Watch more videos on my YouTube channel.

Key reinstallation attack (KRACK) against WPA2.

Watch more videos on my YouTube channel.

A simple way to bypass application whitelisting, and nostalgia for Word macros. (Melissa, do you still love me?)

Watch more videos on my YouTube channel.

Dependency management in Node.js with Greenkeeper.io, reducing known software vulnerabilities in the 90% of the code we didn’t write.

Watch more videos on my YouTube channel.

Accenture stores their client private keys and the master keys to their KMS in an unsecured Amazon S3 bucket. Makes me think of two security principles.

Watch more videos on my YouTube channel.

Criminals gaining shell access to WordPress Web servers over Flikr, RegistrationMagic, and Appointments. Plugins. Pesky plugins.

Watch more videos on my YouTube channel.

We have at least two different audiences during a security breach: management and technical. Juggling the message between both is a hard skill to master, especially under stress. So why not divide that up between two people?

H/T Jon Tidwell.

Watch more videos on my YouTube channel.

A story of how an organization was compromised in a penetration test using a toothpick and an admin Web portal.

Watch more videos on my YouTube channel.

Instrumenting incident response so we know not only if we’ve been breached, but how badly we’ve been breached.

Watch more videos on my YouTube channel.

The use cases for monitoring and blocking of database traffic with DAM tools.

Watch more videos on my YouTube channel.