AWS S3 Outage and Critical Infrastructure Attacks
Yesterday the AWS team released a summary of why their S3 services in the Northern Virginia (US-EAST1) region were disrupted and some of...
Bug Bounty Programs: Are You Ready? - Part 1
The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organizations web applications or consumer...
Security Automation Isn’t AI Security
The AI revolution is still relatively young in the InfoSec world. Despite endless floors of vendor booths displaying the latest security...
A Pentester’s Cache of 0-days
Much of the InfoSec would still struggles to understand the dynamics of 0-day vulnerabilities and the quandary of their widespread...
From Anomaly, to Behavior, and on to Learning Systems
Anomaly detection approaches to threat detection have traditionally struggled to make good on the efficacy claims of vendors once...
Suits & Spooks: Post DYN DDoS: Is government regulation of the IoT on the horizon?
It’s a bit hard to miss all the stories and concerns over IoT security. In some ways it’s reminiscent of the late 1990’s and the endless...
Suits & Spooks: Shadowbrokers, Attribution, and Responsible Disclosure
Threat actor attribution in the cyber world – when done properly – is a damned difficult task complicated by missing and inaccessible...