Category: Security

  • RSS and what the Internet was meant to be

    I recently got into RSS for the first time, and what can I say other than it’s awesome. I always knew about RSS but never really understood what was the “point” of RSS. I recently watched Lon.tv’s take on RSS and got really interested in what RSS was really about. In this age of “disinformation” […]

  • The Truth about Social Media Content Delivery Networks

    With the rise of social media across the entire globe, companies needed a way to speed up load times for large files such as photos, videos, and software downloads. The following description comes from Wikipedia on Content Delivery Networks: A content delivery network, or content distribution network (CDN), is a geographically distributed network of proxy servers and their data centers. […]

  • Open-Source SOAR Solution : Part 1

    With an industry that is tool/software centric, we can lose sight of the true solution within Cyber Security. Many companies will buy a specific product to be the “silver bullet” to all their Cyber Security needs, but unfortunately that product will never truly exist. If we as an industry truly want to succeed in this […]

  • Open-Source SSL Cert Management

    As an Application Security Engineer/Security Researcher, I spend a lot of time tinkering within my home lab. Unfortunately, my home lab has become more than just a habit… an obsession maybe? However, you can check out some incredible home lab setups by checking out this subreddit r/homelab. I recently posted my current server rack setup, […]

  • Announcing CVE-2018-12076

    I am announcing a vulnerability that I found in the UPC bar code of the Avanti Markets MarketCard that could allow an unauthenticated, local attacker to access funds within the customer’s MarketCard balance, and also could lead to Customer Information Disclosure. The data (as submitted to Mitre) is below:

  • PowerShell Anti-Virus with VirusTotal API

    tl;dr We use PowerShell to continuously monitor any executed .exe files, then get the file locations and pass them to the VirusTotal API to get a virus report. We use an “if else” statement to make a decision to alert our “Security Team” and to remove that file from Windows. The advantage of using this […]

  • Five Things to Know about Cryptomining

    Does it feel like your computer is running (or rather, crawling) slowly? You may be a victim of cryptomining—cyber criminals’ latest tool du jour. A couple of weeks ago, Reuters reported that thousands of websites, including ones run by U.S. and UK government agencies, were infected with cryptomining code. As we covered recently, many enterprising […]

  • What Does It Really Take To Track A Million Cell Phones?

    Let us clarify right away, we are not talking about how to track your own cell phone in case it’s lost or stolen. We are talking about tracking everyone that lives, breathes and wears a cell phone. This is actually incredibly easy and we think that people should be aware of that. If a representative […]

  • Using Windows FSRM to build a Killswitch for Ransomware

    Despite the number of $ in this image, this solution costs zero $. When I sit across the table from CISOs and ask, “has your organization been affected by ransomware recently?” the answer is almost always “of course!” However, when asked how they are handling it, they are typically looking to me for an answer. […]