Stop doing input validation
"Buffer overflows, injection attacks, DoS attacks, memory leakage, information disclosure, compromised systems." What is the common factor between all of those vulnerability classes? If you have heard...
How I used dead drop C2 to hide malicious traffic
Over the past few years, I have been organizing, participating in, and frequently writing attack software for CCDC red teams. This year, as I've been starting to dust off the code, spin up VMs and...
Why the government shouldn't pay for your college (or most other things)
Recently there has been a renewed push, from presidential candidate Bernie Sanders to the "Million Student March" protests, to have 100% government funded college in the US, and similar policies under...
Human Adversaries: Why Information Security Is Unlike Engineering
A common theme among information security commenters and keynotes is that infosec can and either will or should evolve to be more like structural engineering, product safety, or similar successful...
Yeoman Angular Bootstrap
Although I have done a lot of software development on different projects, I am not great at making nice looking UIs. Someone recently told me it would be easy to set up a simple but nice looking...
Using a Fully Untrusted Cloud
Cloud services, where an organization remotely uses a third party company's servers to host the organization's websites, databases, or email, are very popular. It can save a lot of time and money to...
Defying Analysis With Sparse Malware
If you're writing tools for red teaming or pentesting, the main point of your backdoors, or implants as people are starting to call them, is to enable remote control of a system without being detected....
The Security Pretend Game: Sudo and Runas
tl;dr? Use completely unprivileged accounts for day-to-day tasks, then log out and log in with a privileged, trusted account for privileged tasks; don't use runas or sudo from your day-to-day account;...
Intercepting Passwords to Escalate Privileges on OS X
A few weeks ago, a lot of attention was paid to Dropbox for "hacking" macs. Dropbox asked for your admin password when it was installed, then used that root access to enable privileges later even if...
Just Too Much Administration: Breaking JEA, PowerShell's New Security Barrier
Update - 10/9 The PowerShell team has been very responsive in addressing these issues. The documentation should be updated soon (if not yet). Lee Holmes from the PowerShell team also addressed these...
Climate Change Archive
For another short detour from information security... Climate policy is again in the news. The past year has seen record high temperatures, the election of a US President who claimed global warming was...
Goals
In any complex system, a solution that best meets one goal will fall short in other areas. Computer programs to solve nearly any problem in the fastest manner will not be the algorithms that use the...
Supply Chainsaw: Practical software supply chain attacks for everyone
I recently presented Supply Chainsaw: Practical software supply chain attacks for everyone at the OPCDE technical security conference in Dubai. In between pictures of Sharknadoes and memes were an...
Hoarder
A few years ago, I gave a DerbyCon presentation on the Ambush open-source host intrusion prevention system I was working on, as well as evasion techniques you can use against systems like that,...
Hack-back in the Real World
ProtonMail just recently (yet briefly) bragged about shutting down a phishing campaign that it was the target of by hacking back the phishing server. (link) The phishers had obtained access to the...
Signed Malware
I recently saw a quote on Twitter along the lines of "I couldn't be in threat intel because I'd get too carried away, go too far, and end up calling some hacker's mom." I had to laugh since I can...
Windows 10 Decontamination Scripts
Recently my personal laptop fell on some hard times and had to be sent to the laptop retirement home. The one hesitation I had with getting a new one was dealing with Windows 10. It has some security...
Interface Identifier (IID) list
Interface Identifiers (IIDs) are used to obtain function tables to call most methods of COM objects. In source code, a name like IID_Column will be used, but when this is compiled, the binary will...
Should there be restrictions on the release of hacking tools?
This is a text outline of the interactive version available here 1.1. No. Authors of such software should decide for themselves what the best release policy should be 1.1.1. Pro: Authors of security...
Dispelling Decentralization Doubts
Recently at the 36th CCC, Moxie Marlinspike gave a talk titled "the ecosystem is moving" defending his choice to centralize Signal, claiming decentralized systems are unable to adapt and succeed and...