Vlogging

2023

December

November

March


  • 2023 update to 2021 White House Cybersecurity Executive Order
  • I realized I needed to update the 2021 White House Executive Order …Improving the Nation’s Cybersecurity fundamentals outline. To scale with limited resources, below are the fundamental hygiene basics one must achieve.

February

2020

December


  • Intel Sharing Metrics
  • I pulled some metrics from my threat intelligence sharing service to generate cute charts and graphs. If you want to keep up to date, keep an eye on

February

2019

November

September


  • Kubernetes CI / CD And Monitoring Pipelines
  • When one takes a step back and looks at a typical agile build, test, and release pipeline with a security bent, one observes the following steps and how they feed into each other like a dragon eating its tail.

July


  • Kubernetes Pods (PodSec policies)
  • Pod hardening is configured and enforced with Pod Security policies (PodSec). The security context allows one to restrict privileges, volume mounts, network privileges, cgroups / SELinux / AppArmor / kernel capabilities, access control, read-only file-system, etc. This is where much of the workload insecurity comes from.

  • Kubernetes Containers
  • When we get into the specifics for containers, the challenge is that the detailed advice differs greatly between the different container technologies. As a result, I will STRONGLY recommend one doesn’t run Docker as it was never designed to be secure, requires Swarm to manage some aspects of its lacking security, and requires a near-infinite amount of hand holding

  • Kubernetes Networks - CNI
  • Within Kubernetes, networks are an interesting beast. They become extremely muddled

  • Kubernetes Master Node & Nodes
  • One will wish to replicate their Master node to minimize downtime events. These nodes will host the control plane building blocks

  • Kubernetes Scheduler
  • Overview



  • Kubernetes Information Security Practices
  • We sponsored a Kubernetes security review because of its popular adoption, glaring insecurities, default insecure states, the fact that it wasn’t designed to be secure, and everyone wanting to use it and make it available to the Internet

  • What is a modern, dynamic service and its building blocks?
  • As I work through the ecosystem, there is no evident, leading best practice.

  • Nginx exploit writing weekend
  • This weekend will be ripe with opportunities for

  • Kubernetes Basics
  • Let’s take a look at the simplest part of the previously documented multi-tenancy architecture

June

March


  • When your SIEM models are not enough
  • Just when I thought every bit of value was squeezed from the systems, it is continuing to pull out indicators and APT actors like candy at a weight loss camp.

January

2018

November


  • Memory Safety Code Review
  • Some of our keen readers may have noticed that if the size of userPass is less than 9, then overflow will still occur.

September

July

April


  • First 100 Days
  • A friend took up a new InfoSec executive career path but didn't know how to start. She reached out to me and asked for my thoughts. I thought about it

January


  • The pending crypto singularity
  • Recently penned by Peter, it is worth a read. Especially for those who are concerned about putting all of their eggs in one basket. On the Impending Crypto Monoculture

2017

October

September


  • Serious XSS affecting Wikipedia
  • XSS vulnerability in thumb.php in Wikipedia Mediawiki

  • Defense Against the Dark Arts
  • Thankfully, Naurus has produced a useful infographic to understand the variety of malicious entities. While it is not all inclusive, it suffices to help one quickly prototype simple threat models.

April


  • Walking the Dark Deep Web
  • During Black Hat, BsidesLV, and Defcon, I ended up having a chat with Justin Seitz about his nifty OSINT automation. I decided to take his data sets and enrich

2016

August


  • DARPA Cyber Grand Challenge era coming to a close
  • This Thursday, seven research institutions will compete against each other. Unlike other typical hacker challenges, their automations will compete on their behalf. The winning team will take home

March

February

2015

November

August

July


  • Ingenious CTF dashboard
  • As taken from a dummy account, I wish more CTFs were set up like this. [#Polictf](https://twitter.com/search?q=%23Polictf) 2015

  • Destroy a City - secure code review
  • It should be noted that no ethically-trained software engineer would ever consent to write a DestroyBaghdad procedure

June


  • Social Engineering Confirmation Bias workflow
  • The image below shows the role confirmatory bias can play in social engineering exploits. Two situations are depicted. In the first, the insider desires access to information supplied by the

  • Redis RCE
  • If you haven't already, time to patch Redis. Otherwise, please set up authentication in front of your Redis instance. This remote code execution is going to get nasty http

  • ElasticSearch honeypot dataset
  • I have uploaded a new ElasticSearch honeypot dataset. It appears there are a few individuals who are attempting to exploit a few 0days in ElasticSearch. All the more reason not

May

April

March

2014

December

June

April

March

2013

November

July


  • Google Translate
  • the translated website pops out of Google Translate's iframe and redirects the user to a website or content of their choosing

June

May

April


  • Google Glass 0days
  • Jenny Murphy has some clean code. However, it isn't the most secure. The Google Glass team must be under an intense timeline. Without looking too hard into the libraries and

  • Evolutionary hardware
  • For technical problems, one may struggle to define the specifications. When this happens, look at the behavioral design. Then one may find solutions from the design automation. Thankfully, evolution algorithms

  • Rapid7 Google hacks extended
  • How many other file sharing services are affected by the inadvertent sharing of sensitive information

2012

December

October

September


  • DPAPI still applicable?
  • I saw some code utilizing DPAPI. Given the research around MS's poor DPAPI implementation,

August


  • Security quotes
  • The present need for security products far exceeds the number of individuals capable of designing secure systems

July

June

May


  • Gribodemon on SpyEye 2.x - I expected better
  • Saturday, I noticed my application honeypot collected an interesting sample. The cracker took my bait and attempted to hack the planet via a SpyEye 2.x variant. Apparently, the limit of

  • Airing one's dirty development laundry - You are doing it wrong
  • I received a lovely Google alert this weekend.

  • Bitcoins are hard to track
  • Either FBI

  • Sad reality
  • hope you have a gating process in your finance team which halts the ability to pay vendors without security approval...

  • Management Wednesday - BPM scoping
  • In business process management, there is no defined starting point. The solutions are transposable, adaptive, and can be set into motion regardless of the other solution's state. In project scoping

  • PHP - two simple wins and a hammer
  • I love programming in PHP. Fairly simple to learn, easy to code, plenty of tools available, and great community. However, due to the language's inherent behaviour, PHP has many security pitfalls.

  • Meltdown exploits
  • Here is an academic exercise to create the Meltdown exploit prior to publication on Jan. 9th. To keep honest with my CISSP certification, I didn't include all operating systems and

April

2011

April