Security Research


Trust vs Access: A Tale of Two Vulnerability Classes

October 20, 2017

It’s been a big week in cyberspace, with high profile crypto vulnerabilities KRACK (affecting WPA2) and ROCA (affecting RSA keys generated by Infineon hardware) …

read more

Key Reinstallation Attacks (KRACK): The Impact So Far

October 16, 2017

Today, a series of high-severity vulnerabilities affecting the WiFi Protected Access II (WPA2) protocol were disclosed. Security researchers have developed …

read more

Keep Your Eyes on the Prize: Attack Vectors are Important But Don’t Ignore Attacker Goals

June 23, 2017

Reporting on intrusions or attacks often dwells on the method that the attackers used to breach the defenses of a …

read more

All You Can Delete MongoDB Buffet

January 12, 2017

A number of extortion actors were detected accessing unauthenticated MongoDB installations and replacing their contents with a ransom note, usually …

read more

A Model of Success: Anticipating Your Attackers’ Moves

December 1, 2016

In a previous blog, we discussed the role of planning in offensive operations and the power that effective planning affords …

read more

Plumbing the Depths: the Telnet protocol

October 3, 2016

On October 1, 2016 Krebs on Security reported that the source code for the Internet of Things (IoT) botnet malware …

read more

Overexposure – photos as the missing link

August 3, 2016

You have heard it all before ­– recycling passwords for multiple services can be catastrophic. One service being breached and …

read more

Recycling, bad for your environment!

June 27, 2016

The news is constantly flooded with yet another breach of a high profile vendor. Perhaps the biggest and most publicized …

read more

The Plan is Mightier than the Sword – Re(sources)

May 24, 2016

After having discussed the importance of planning and persistence in APTs, it is important to conclude by considering the significance …

read more

The Plan is Mightier than the Sword – Persistence

May 24, 2016

In the last blog post, I talked about the requirement for planning as part of an APT. Another requirement is …

read more