-
Continue reading →: Why NotPetya Kept Me Awake (& You Should Worry Too)NotPetya may not have been the most sophisticated malware ever written. However, it was exceptionally effective due to the authors’ savvy exploitation of common security misconceptions and their deep understanding of poor security architecture. I want to briefly express my personal thoughts on why I found NotPetya particularly concerning and…
-
Continue reading →: Consolidated Malware Sinkhole ListA common practice of researchers studying a piece of malware is to seize control of its malicious command and control domains, then redirect traffic to them to benign research servers for analysis and victim notification. I always highly recommend monitoring for traffic to these sinkholes – it is frequently indicative…
-
Continue reading →: College and Infosec: To Degree or not to Degree?So, you love to hack, and you’re going to get that dream job in infosec! Except, now what? A wide array of certification firms and colleges are willing to sell you an infosec program, with shiny advertisements and clever sales pitches. Unfortunately, college is massively expensive in the US, and…
-
Continue reading →: What’s in my (Hacking Con) bag?A number of people have asked about what I carry at a typical hacking con. In the blog below, I provide a brief overview. This article isn’t meant to be an endorsement and was in no way sponsored. Use what works for you, but I have included links for things…
-
Continue reading →: Ask Lesley InfoSec Advice Column: 2017-04-26
I was sent some very challenging scenarios this week, from entry level remote work to anonymity. As always, submit your problems here! Hi Lesley, I’ll add a little background before my question I’ve always wanted to break into the infosec industry as I love tinkering and figuring out how…
-
Continue reading →: Ask Lesley InfoSec Advice Column: 2017-03-16
This week, I address some burning questions about education and training. As always, submit your problems here! Dear Lesley, Let’s cut to the chase. I hate coding. I don’t enjoy building things from scratch. I do, however, love taking things apart, and would probably be able to learn to…
-
Continue reading →: Phishing Exercises, without the “Ish”Much like open offices and outsourcing in business, information security is subject to trends. One you probably saw in your vendor spam folder over the past couple of years is phishing awareness exercises. The premise sounds simple – phish your employees before the bad guys do, monitor how they respond,…
-
Continue reading →: Ask Lesley InfoSec Advice Column: 2017-02-26
This week, we discuss red team and blue team self-study, getting kids interested in security, and security paranoia. As always, submit your problems here! Dear Lesley, I am a threat intelligence analyst who is currently underutilized in my current job, and feel like my skills and tradecraft are slipping because…
-
Continue reading →: Is Digital Privacy a Privilege Of The Wealthy?Through a series of eight scenarios, I’ve invited seven security and digital privacy professionals to weigh in on the fundamental question of how much of a privilege digital privacy, and the abilities to “restrict” or “remove” our digital footprint, really are.
Hello,
I’m Lesley, aka Hacks4Pancakes
Nice to meet you. I’m a long-time digital forensics and incident response professional, specializing in industrial control and critical infrastructure environments. I teach, lecture, speak, and write about cybersecurity.
I’m from Chicago, living in Melbourne.
Follow Me on Social!
ai career careers certification cfp challenge coins conferences cybersecurity cybersecurity careers dfir digital forensics education featured ff giac hacking health and wellness ics incident response information security infosec infosec education iot management mastodon mentoring nation state attacks off topic osint phishing podcast privacy security security education security operations self study social media talks technology threat attribution threat intelligence university video volatility women in tech
Recent posts
Join the fun!
Stay up-to-date with my recent posts, podcasts, and blogs!
Lesley Carhart's Cybersecurity Blog 