You’ve seen it a hundred times. Someone’s recommendation on how to survive a security conference / hacker summer camp / DEF CON. ‘Bunny’, you may say, ‘why are you writing this? Haven’t we had enough?’ Dear reader, no we have not. Though you may have seen hundreds of these guides, it doesn’t stop dozens of […]
AI and Disinformation Campaigns
As presented at Diana Initiative 2024, BSides Edmonton 2024, and BSidesLV Proving Ground 2024
History of malware: Remote Access Trojans (RATs)
A RAT primer From millions of dollars lost to reputational damage, malware affects lives, businesses, and the world around us. It’s difficult to study, moves fast, and is a constant concern for anyone living and working in the digital age. Remote access trojans make up a large portion of the malware market and are an […]
NUCLEAR TESTING: BUILDING AN EFFECTIVE DETECTION TESTING LAB
This presentation and a modified version of it were given at DC207 in April 2023 and PancakesCon in March 2023. This talk described the process for building your own Atomic Red Team based detector testing lab. Slides have been adapted for use without talk content and may be shared freely with attribution.
How to Protect Yourself from Ransomware on a Budget
Ransomware is here to stay. It is one of the most direct ways for criminals to monetize cyberattacks, and small and mid-sized enterprises (SMEs) across the spectrum have experienced a marked uptick in attacks. All organizations across every industry should assume an imminent attack and prepare accordingly, but how to do that with the limited […]
PrintNightmare Breakdown: Analysis and Remediation
At the start of this month, a proof of concept for a Microsoft print spooler vulnerability rocked Windows admins, causing a clamor to contain the worst of the damage. This vulnerability is covered under CVE-2021-34527. Originally beginning as a marked ‘low severity’ vulnerability, a proof of concept showed the ease at which this patched vulnerability […]
Log4J Library Zero-Day Breakdown: Analysis and Remediation
Exploit BackgroundThe Log4j exploit is a vulnerability in an open source Apache logging framework that allows attackers to gain arbitrary execution abilities on an affected device. Used commonly in modern Java applications (even some non-enterprise applications like Minecraft), services are scrambling to defend against this vulnerability. Earliest evidence of this exploit was found December 1st, […]
Drawing the RedLine – Insider Threats in Cybersecurity
The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Though Microsoft didn’t offer many officially released details on what occurred, we can examine how RedLine works to gain an understanding of what may have possibly occurred. Passwords: An Easy Target Let’s not mince words: passwords are difficult for most […]
Weathering Russian Winter: The Current State of Russian APTs
It’s no secret that Russian Advanced Persistent Threats (APTs) are a significant burden on cybersecurity teams. For years, organizations have been bombarding their systems with patches and configuration changes to dodge targeted attacks, and the focus on APTs specifically from Russia has never been higher. However, the Russian invasion of Ukraine has put the risk […]
Under the Wire: Evading Censorship & Protecting Sensitive Information
In times of trouble, citizens can feel a sense of deep helplessness. With war, famine, or political unrest raging outside of their window, many feel compelled to help or somehow make a difference, but may not understand how their position is valued. The organization Reporters Without Borders is a consultant for the United Nations and […]