Reputations and PCI Data Breaches

The natural human reaction to reading a company’s announcement about a Payment Card Industry (PCI) data breach is to declare a boycott against this company. How dare they be so nonchalant and careless with handling our information? This reaction appears to be common when you read news articles about this very topic. “87 percent …

Malicious USB Devices

I put together some slides over a year ago after working several cases involving suspicious USB devices. The slides cover some studies that threw USB devices on the ground, and a couple scenarios from the Verizon Data Breach Digest (shameless promo). There is a lot of significance in these links, and presenting these slides has …

Skills and Knowledge for InfoSec

As a consultant for an incident response firm, the engagements we get are typically fairly fleshed out in terms of being a security or operational incident. Every once in a while, we have calls come in that seem very security focused when described by the customer contact but after arriving onsite they work out to …

Compile Time Analysis of NotPetya

I had a thought the other day about some of the NotPetya / M.E.Doc (Medoc) initial infection vector that was released last week. I wondered if the attackers had full and complete access to the Medoc network and even source code. Did they have the ability to inject the malicious code into the source repository? …