It’s been a while since I’ve written anything on my blog; it’s been a busy few months at GDT. We’ve been working on developing some cool new security technologies and techniques, and a new type of attack that leverages steganography and DNS exfiltration. I’ll have a write-up on that as soon as I get […] Read More: Sandbox Evasion Technique
Our world has always had “script kiddies”, beginner hackers with no real purpose or agenda, using publicly available automated tools for easy attacks. Normally, those attacks are easily found and prevented, but last week they got the equivalent of weapons of mass destruction. For years, the barrier to entry to a career in vulnerability assessments […] Read More: AutoSploit: The Collapse of Threat Modeling
I hate IoT. When notifying some manufacturers about vulnerabilities in their devices, we often get a response along the lines of “Version X.YZ of the firmware has a ton of new features, we’ll add it then when it comes out in 8 months!”. That means for 8 months, that vulnerability remains unpatched. Very few people […] Read More: The Idiot’s Guide to IoT Security
2017 was one of the worst years on record for data breaches, computer vulnerabilities and malware attacks. Based on the first four days of 2018, those numbers might be eclipsed after security researchers uncovered a few vulnerabilities in virtually all processors made since 1995. The two vulnerabilities are Meltdown, which has been isolated to only […] Read More: Beginning 2018 with a Meltdown (F**CKWIT, KAISER, Spectre, etc.)
Tech gifts are awesome. As an engineer, I love getting new gadgets and gizmos to play with, break, and eventually fix. But if someone gets me some mundane object that is internet connected, I’m going to lose my shit. It’s a cool concept: instead of a regular bathroom scale, it’s a machine-learning bathroom scale. It seems appealing […] Read More: The Christmas of IoT
A lot of members of the British Houses of Parliament are under fire this week for some pretty terrifying information security practices. And by terrifying I mean that when I first read this I couldn’t believe that someone in a position of power could be so lax with their security. For those that haven’t seen, […] Read More: DON’T. SHARE. YOUR. PASSWORDS.
WannaCry caused chaos on thousands of networks, cost billions in damages, and represents a new chapter in cybercrime. 6 months after the attack, system administrators and security specialists still haven’t disabled the archaic software which caused it. Using Shodan I searched for devices which are still running public SMB services at the time of writing. […] Read More: 6 months after WannaCry: People never learn