The level of knowledge sharing that takes place within infosec is amazing! Many security researchers take time to publish their scripts, tips, successes, and failures on Twitter for all to see, so as a security professional, it’s important to learn how to effectively use Twitter to hone your craft. Red teamers can learn new tactics, techniques, and procedures (TTPs) by following other red teamers. Blue teamers can learn new detections or preventative controls published by other blue teamers.

Read More

The recent wave of WannaCry ransomware attacks has shed a lot of public light on the Windows SMB remote code execution vulnerability patched by MS17-010 and has fortunately resulted in organizations applying the security update to prevent further infections. While much of the focus has been on patching desktops and servers, it’s easy for many organizations to continue to neglect devices running the Windows Embedded 7 OS. I am nearing completion of a very long and complex pen test of an environment made up completely of networked embedded devices, so when the Equation Group’s Fuzzbunch framework was released publicly, I figured it would be perfect for a few boxes I was struggling to gain complete access to.

Read More

I’m excited to launch our new website this week! It was a lot more work than I initially expected because the scope changed dramatically from what I initially set out to do. At first, this was just going to be a simple re-branding from the previous business name. Then I decided to rewrite the whole site entirely, along with designing a new look for it. Then came the challenge of incorporating what had been a separate blog.

Read More