Foreword (Lesley) One of the hardest things to accept in information security is that we as individuals will simply never know everything there is to know about the field, or all of its many niches. Despite this absolute reality, we still often feel embarrassed to ask basic questions about topics we don’t understand, due to… Read More The InfoSec Amnesty Q&A
(Updated 2/3/2020) So, you’ve finally landed that infosec job of your dreams! The clouds have parted and angels have descended from the sky singing Aphex Twin. Congratulations, I believed in you all along. One small problem: they say you’re going to have to travel. Maybe to a customer site. Maybe to training. It doesn’t matter.… Read More The Infosec Introvert Travel Blog
A Ready Player One major motion picture directed by Steven Spielberg is scheduled for release in March 2018, resulting in a recent resurgence of popularity of the Ernest Cline cyberpunk novel which serves as its inspiration. So, this seems like as good a time as any for me to briefly revisit the 2011 novel and… Read More The Infosec of Ready Player One – A Review
Our personal financial identities are exposed, and we’re mad. A sick, visceral, exhausted anger that hits us in the pit of our stomachs and makes us feel powerless. People are understandably furious about the Equifax breach- to a degree that makes it tough to have a rational discussion about what happened. Unfortunately for information security… Read More Whose Fault Is It? (A brief discussion on misconceptions about Equifax)
I commissioned the very talented artist Bryan Ward to make a good quality version of my previous credit card security infographic. This is meant as a tool to educate and inform people who post photos of their credit cards on the internet, and you may link to or repost it accordingly. Please give credit and… Read More Credit Card Security Infographic
NotPetya may not have been the most sophisticated malware ever written. However, it was exceptionally effective due to the authors’ savvy exploitation of common security misconceptions and their deep understanding of poor security architecture. I want to briefly express my personal thoughts on why I found NotPetya particularly concerning and a bad omen for things… Read More Why NotPetya Kept Me Awake (& You Should Worry Too)
A common practice of researchers studying a piece of malware is to seize control of its malicious command and control domains, then redirect traffic to them to benign research servers for analysis and victim notification. I always highly recommend monitoring for traffic to these sinkholes – it is frequently indicative of infection. I’ve found no… Read More Consolidated Malware Sinkhole List
So, you love to hack, and you’re going to get that dream job in infosec! Except, now what? A wide array of certification firms and colleges are willing to sell you an infosec program, with shiny advertisements and clever sales pitches. Unfortunately, college is massively expensive in the US, and the learning environment isn’t great… Read More College and Infosec: To Degree or not to Degree?
A number of people have asked about what I carry at a typical hacking con. In the blog below, I provide a brief overview. This article isn’t meant to be an endorsement and was in no way sponsored. Use what works for you, but I have included links for things when I can remember where… Read More What’s in my (Hacking Con) bag?