Defense in Depth, conceptually, is described in such a way that layered security increases the security of a system as a whole. In the event where one system is compromised, other mechanisms provide the necessary security to protect the system. It is the antithesis of a singular point of failure, and actively avoids this […]

Human nature is amazing. I can tell you that there are a million stars in the sky and you will believe me. I can tell you that the paint on the wall is wet, and 8 out of 10 people will touch it to make sure. Social engineering and phishing email scams are part of […]

In Greek Mythology, Thanatos was a minor figure and daemon personification of death. He always had a strained relationship with the man at the top, Zeus. In the Malware world, Zeus is about to be overthrown. In 2014, the FBI and UK NCA (National Crime Agency) spent exhaustive resources taking down two of the world’s […]

Who ever said “work smarter, not harder” obviously had a Shodan account.  This is a little story of how I managed to run a relatively simple audit against the company I work for in under 15 minutes.  Again, if you haven’t read my blog post on the basics of Shodan, I would highly recommend giving […]

Considering the massive response I got from the last post about Shodan, I figured I should do a follow up.  Thank you to all who re-tweeted the link, and a big shout out to John Matherly, founder of Shodan, for the publicity.  Bro of the year.  If you haven’t read through my last post, I […]

So let me tell you about a little thing called Shodan.  To put it simply, this terrifyingly beautiful website is a search engine for the Internet of Things.  It’s powerful, thorough, and just downright fun to play with.  Shodan will take your search and discover all devices connected to the internet related to the query. […]

I recently covered a few sections from the Verizon Data Breach Investigations Report (take a look if you haven’t already).  I also mentioned another one of my favorites, the WhiteHat Security Website Security Statistics Report.  This report gives an insightful overview of a constantly evolving and frequently targeted attack vector, web applications.  Ignoring my strong […]