A technical analysis of how ransomware can be executed via a malicious Node.js module, written for educational awareness.
A technical deep dive into using Punycode for domain spoofing and phishing, demonstrating how to create deceptive URLs that mimic legitimate sites like YouTube.
Overview of the 2021 Festive Tech Calendar, a month-long event featuring daily tech content on Azure, DevOps, AI, and more.
A developer investigates a suspicious Cloudflare email, uncovering a potential account takeover vulnerability using persistent API credentials.
How IntSights' Active Directory Integration helps organizations detect and remediate compromised employee credentials from data breaches.
Explains the subtle but critical security difference between SMS-based Two Factor Authentication (2FA) and insecure SMS-based account recovery.
An introduction to core security principles like Separation of Duties for designing and assessing secure database systems.
A detailed analysis of a blackmail email scam demanding a $2000 Bitcoin payment to prevent the release of compromising material.
A 2018 update on Rubrik's expansion from backup appliances to data management (Polaris) and anti-malware (Radar) platforms.
A mind map summarizing the red teaming methodology and techniques from 'The Hacker Playbook 3' for cybersecurity professionals.
A practical guide to finding and exploiting hosts vulnerable to the libSSH authentication bypass (CVE-2018-10933).
Analyzes a famous 2016 phishing attack to argue that modern security hinges on human error, not just technical defenses.
A developer introduces GoScan, a network scanner tool written in Go, and explains how learning Go led to its creation and features like historical port tracking.
Challenges the common security truism that defenders must be perfect, arguing for a more realistic, economics-based approach to defense.
Analyzes the debate around zero-day vulnerability disclosure, arguing that lack of public evidence doesn't mean exploits aren't being used by stealthy attackers.
A review of Kevin Mitnick's book 'The Art of Invisibility', which explores digital privacy threats and practical protection strategies for everyone.
A technical critique of Deputy AG Rosenstein's speeches linking encryption to cybersecurity threats, arguing his position misrepresents the role of encryption in major breaches.
The article critiques the use of SSNs as both a secret and a universal ID, arguing it's a core problem behind data breaches like Equifax.
Analyzes the Apache Struts CVE-2017-5638 vulnerability, using the Equifax breach as a case study to explore architectural resilience against RCE attacks.
Analysis of new NIST password guidelines advocating for longer passphrases over complex, frequently changed passwords.
