AWS S3 Outage and Critical Infrastructure Attacks
Yesterday the AWS team released a summary of why their S3 services in the Northern Virginia (US-EAST1) region were disrupted and some of...
Bug Bounty Programs: Are You Ready? - part 3
The Bug Bounty movement grew out a desire to recognize independent security researcher efforts in finding and disclosing bugs to the...
Characterizing the Friction and Incompatibility Between IoC and AI
Many organizations are struggling to overcome key conceptual differences between today’s AI powered threat detection systems and legacy...
Bug Bounty Programs: Are You Ready? - part 2
In this part we’ll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from
Bug Bounty Programs: Are You Ready? - Part 1
The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organizations web applications or consumer...
Security Automation Isn’t AI Security
The AI revolution is still relatively young in the InfoSec world. Despite endless floors of vendor booths displaying the latest security...
A Pentester’s Cache of 0-days
Much of the InfoSec would still struggles to understand the dynamics of 0-day vulnerabilities and the quandary of their widespread...
From Anomaly, to Behavior, and on to Learning Systems
Anomaly detection approaches to threat detection have traditionally struggled to make good on the efficacy claims of vendors once...
Suits & Spooks: Post DYN DDoS: Is government regulation of the IoT on the horizon?
It’s a bit hard to miss all the stories and concerns over IoT security. In some ways it’s reminiscent of the late 1990’s and the endless...
Suits & Spooks: Shadowbrokers, Attribution, and Responsible Disclosure
Threat actor attribution in the cyber world – when done properly – is a damned difficult task complicated by missing and inaccessible...