Author Archives

• Why NotPetya Kept Me Awake (& You Should Worry Too)

  By hacks4pancakes on June 28, 2017 • ( 23 )

  

  NotPetya may not have been the most sophisticated malware ever written. However, it was exceptionally effective due to the authors’ savvy exploitation of common security misconceptions and their deep understanding of poor security architecture. I want to briefly express my… Read More ›

• Talk: BSidesSLC Keynote – Together We Could Land a Plane

  By hacks4pancakes on June 26, 2017 • ( 1 )

• Consolidated Malware Sinkhole List

  By hacks4pancakes on May 16, 2017 • ( 2 )

  

  A common practice of researchers studying a piece of malware is to seize control of its malicious command and control domains, then redirect traffic to them to benign research servers for analysis and victim notification. I always highly recommend monitoring… Read More ›

• College and Infosec: To Degree or not to Degree?

  By hacks4pancakes on May 15, 2017 • ( 2 )

  

  So, you love to hack, and you’re going to get that dream job in infosec! Except, now what? A wide array of certification firms and colleges are willing to sell you an infosec program, with shiny advertisements and clever sales… Read More ›

• What’s in my (Hacking Con) bag?

  By hacks4pancakes on April 28, 2017 • ( 4 )

  

  A number of people have asked about what I carry at a typical hacking con. In the blog below, I provide a brief overview. This article isn’t meant to be an endorsement and was in no way sponsored. Use what… Read More ›

• Ask Lesley InfoSec Advice Column: 2017-04-26

  By hacks4pancakes on April 26, 2017 • ( 4 )

  I was sent some very challenging scenarios this week, from entry level remote work to anonymity. As always, submit your problems here!   Hi Lesley, I’ll add a little background before my question I’ve always wanted to break into the… Read More ›

• Ask Lesley InfoSec Advice Column: 2017-03-16

  By hacks4pancakes on March 17, 2017 • ( 3 )

  This week, I address some burning questions about education and training.  As always, submit your problems here!   Dear Lesley, Let’s cut to the chase. I hate coding. I don’t enjoy building things from scratch. I do, however, love taking… Read More ›

• Phishing Exercises, without the “Ish”

  By hacks4pancakes on March 1, 2017 • ( 2 )

  

  Much like open offices and outsourcing in business, information security is subject to trends. One you probably saw in your vendor spam folder over the past couple of years is phishing awareness exercises. The premise sounds simple – phish your… Read More ›

• Ask Lesley InfoSec Advice Column: 2017-02-26

  By hacks4pancakes on February 27, 2017 • ( 1 )

  This week, we discuss red team and blue team self-study, getting kids interested in security, and security paranoia. As always, submit your problems here! Dear Lesley, I am a threat intelligence analyst who is currently underutilized in my current job,… Read More ›

• Is Digital Privacy a Privilege Of The Wealthy?

  By hacks4pancakes on February 8, 2017 • ( 1 )

  

  Through a series of eight scenarios, I’ve invited seven security and digital privacy professionals to weigh in on the fundamental question of how much of a privilege digital privacy, and the abilities to “restrict” or “remove” our digital footprint, really are.