Tech Posts

series categories tags

October 9, 2017

tech
privacy doxxing

Prevent Unintentional Doxxing: A Standard for Sharing Private Conversations Online While Still Protecting the Innocent

Those that follow me may know that I was raised Mormon but no longer practice in the religion. As such, I participate in quite a few online forums with other people in various places of the Mormon spectrum. In these forums, private text messages or social media posts from believing and orthodox family or friends are often shared as a way to vent frustration. Most of these forums that I participate in are private, but a few are public.

Four Years In Infosec First Year In Vegas: My Thoughts On Def Con and BSidesLV

BSidesLV 2016 and Def Con 24 comprised my first experience of “Hacker Summer Camp”. I’ve now been working in information security for four years, have attended a handful of conferences, and have spoken at a number of both conferences and meetups. I personally feel that I have a good handle and understanding of the culture of the industry and mostly went into the week knowing what to expect. There were some great things and some not so great things.

January 18, 2016

tech
phishing ideas

Patching the Human: Help Them Remember Their Security Training

Sean Cassidy, in a recent blog post explained the workings of LostPass, a phishing framework specifically targeting the popular password manager LastPass. In it, he perfectly articulated an idea that has been bouncing around my mind for a couple of months: The standard refrain is that we need better user training. That is simply not good enough. I couldn’t agree more with this statement. We can train them about best practices and cyber threats until we cannot talk, but they will still mess up and the bad guys will still find a way!

Introducing Gavel

This article was originally posted on nullsecure.org and has been republished with permission. I’ve been pretty busy lately with updating Tango to version 2.0 and working on threatnote, but, another project I started on recently was something @__eth0 and I are calling Gavel. Gavel is a set of Maltego transforms that query traffic records in each state. This project started out really ambitiously and we wanted to cover all 50 states, however, we ran into several problems.

Identifying Phishing Attack Vectors Using dnstwist and Splunk

This article was originally posted on nullsecure.org and has been republished with permission. I’ve been pretty busy lately with updating Tango to version 2.0 and working on threatnote, but, another project I started on recently was something @egd_io and I are calling Gavel. Gavel is a set of Maltego transforms that query traffic records in each state. This project started out really ambitiously and we wanted to cover all 50 states, however, we ran into several problems.