SAS 2017 – WindowsTechs.com

Mark Dowd on Exploit Mitigation Development

Posted on May 26, 2017 by Chris Brook

Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers. Continue reading Mark Dowd on Exploit Mitigation Development→

Stories From Two Years in an IoT Honeypot

Posted on April 14, 2017 by Chris Brook

A researcher at this year’s Security Analyst Summit staged a series of honeypots at his friends’ houses to record IoT traffic, exploit attempts and other statistics. Continue reading Stories From Two Years in an IoT Honeypot→

Travel Routers, NAS Devices Among Easily Hacked IoT Devices

Posted on April 10, 2017 by Chris Brook

A researcher poked holes in seven different IoT devices at last week’s Security Analyst Summit, including a host of travel routers, NAS devices, and an IP-enabled camera. Continue reading Travel Routers, NAS Devices Among Easily Hacked IoT Devices→

Travel Routers, NAS Devices Among Easily Hacked IoT Devices

Posted on April 10, 2017 by Chris Brook

Creating a More Altruistic Bug Bounty Program

Posted on April 7, 2017 by Chris Brook

David Jacoby and Frans Rosén said at this year’s Security Analyst Summit they offered companies free pen-testing and raised $15,000 for charity in the process. Continue reading Creating a More Altruistic Bug Bounty Program→

Details Around Romanian Phishing Kit Creator, Campaign Revealed

Posted on April 4, 2017 by Chris Brook

Researchers at the Security Analyst Summit on Monday divulged details behind the alleged creator of a Romanian phishing kit. Continue reading Details Around Romanian Phishing Kit Creator, Campaign Revealed→

Security Analyst Summit 2017 Day One Recap

Posted on April 3, 2017 by Chris Brook

Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT. Continue reading Security Analyst Summit 2017 Day One Recap→

Fileless Banking Malware Attackers Break In, Cash Out, Disappear

Posted on April 3, 2017 by Chris Brook

Attackers behind February’s fileless malware attacks dropped malware on some bank ATMs that gave them the ability to dispense money, “at any time, at the touch of a button.” Continue reading Fileless Banking Malware Attackers Break In, Cash Out, Disappear→

Russian-Speaking Turla Joins APT Elite

Posted on April 3, 2017 by Michael Mimoso

Researchers may have found a link between Moonlight Maze of the late ’90s and the Turla APT, which would elevate Turla to the ranks of the Equation Group as an elite nation-state attacker. Continue reading Russian-Speaking Turla Joins APT Elite→

Threatpost News Wrap, March 31, 2017

Posted on March 31, 2017 by Chris Brook

This year’s Security Analyst Summit is previewed and the news of the week is discussed, including a Microsoft IIS zero day, a new Mirai variant, and the broadband privacy ruling. Continue reading Threatpost News Wrap, March 31, 2017→