You’ve just broken into your target’s internal network, whether it was some perfectly executed social engineering scheme or leveraging an overlooked unpatched vulnerability, you hit the jackpot. Now you figure it’s time to settle yourself in-between the would-be victim with a man in the middle attack and start sniffing traffic for some credentials. You fire […]
Only one week ago, news media outlets nationwide were locked in coverage of the inevitable face-off between our own government and Apple Inc. On the surface, many felt that the FBI’s request seemed to be the answer; why wouldn’t we want to stop the terrorists? Why not help law enforcement gather additional evidence stored on […]
Human nature is amazing. I can tell you that there are a million stars in the sky and you will believe me. I can tell you that the paint on the wall is wet, and 8 out of 10 people will touch it to make sure. Social engineering and phishing email scams are part of […]
In Greek Mythology, Thanatos was a minor figure and daemon personification of death. He always had a strained relationship with the man at the top, Zeus. In the Malware world, Zeus is about to be overthrown. In 2014, the FBI and UK NCA (National Crime Agency) spent exhaustive resources taking down two of the world’s […]
You gear up for another exciting day in infosec, walk into your building, sit at your cube and open up your email. If you’re like me you also browse social media feeds for the latest news in cybersecurity. That is when you see it, the next named bug…..heartbleed, shellshock, poodle, ghost, and now badlock. You sigh, […]
Look AppSec people, I know you just love dealing with development teams. I know the best part of my day is logging into my computer to be greeted by 3 “we don’t think this vulnerability is an issue” emails. Believe me, I’m sure they share the same warm, fuzzy feelings about us as well. But […]
At this point, I’m sure you’ve all heard about Apple’s on-going fight with the FBI over allowing backdoors into iPhones. In the world of cyber security, encryption, and privacy, this is the battle that will set the tone for the impending war. I have an enormous amount of respect for Apple’s CEO, Tim Cook. In an […]
Who ever said “work smarter, not harder” obviously had a Shodan account. This is a little story of how I managed to run a relatively simple audit against the company I work for in under 15 minutes. Again, if you haven’t read my blog post on the basics of Shodan, I would highly recommend giving […]
