DNS: The Internet’s Phone Book

There have been a few articles recently about Secure DNS or DNS over TLS, and the first question that a buddy asked me (@Pratik) was “what the hell is DNS, technology has too many acronyms”. Have no fear my friend, I’ve got your back. DNS, or Domain Name Service, is like a phone book. If […]

Sandbox Evasion Technique

It’s been a while since I’ve written anything on my blog, its been a busy few months at GDT. We’ve been working on developing some cool new security technologies and techniques, and a new type of attack that leverages steganography and DNS exfiltration. I’ll have a write up on that as soon as I get […]

AutoSploit: The Collapse of Threat Modeling

Our world has always had “script kiddies”, beginner hackers with no real purpose or agenda, using publicly available automated tools for easy attacks. Normally, those attacks are easily found and prevented, but last week they got the equivalent of weapons of mass destruction. For years, the barrier to entry to a career in vulnerability assessments […]

The Idiot’s Guide to IoT Security

I hate IoT. When notifying some manufacturers about vulnerabilities in their devices, we often get a response along the lines of “Version X.YZ of the firmware has a ton of new features, we’ll add it then when it comes out in 8 months!”. That means for 8 months, that vulnerability remains unpatched. Very few people […]

The Christmas of IoT

Tech gifts are awesome. As an engineer, I love getting new gadgets and gizmos to play with, break, and eventually fix. But if someone gets me some mundane object that is internet connected, I’m going to lose my shit. Its a cool concept, instead of a regular bathroom scale, its a¬†machine-learning¬†bathroom scale. It seems appealing […]