Toggle navigation
TWunroll
TWunroll
faq
Contact US
Jake Williams
MalwareJake
Neat idea in theory, not remotely practical. Let's look at why.Are we including defensive ops here too? If not (and I can't imagine we would, that's HUGELY problematic), where is
Read more
If you’re going to offer suggestions to a client, make darn sure they’re actionable. I’m reading WAY too many reports that make fanciful recommendations that:1. Have constraints the client has
Read more
For those having to explain to confused family members/coworkers why Twitter/Facebook/etc haven’t “violated the First Amendment,” try this tactic.Suppose their church runs a “prayer board” where people can leave prayer
Read more
This story is getting a lot of attention. Let me quickly break down for followers not in offensive security what it means.This is not great, but *the sky isn't falling*.
Read more
Alrighty - here's my $.02 on the topic (was trying not to poison the well, but will also use this thread to collect my thoughts).First, it's important to note that
Read more
On today’s #dogWalkingThread, let’s talk about the recently disclosed abuse of SAML by attackers to “bypass” MFA.For those not familiar with the concept, SAML allows the separation of identity providers
Read more
I’ve had multiple people (mostly executive leadership) ask me whether they should be concerned about destructive cyberattacks in the #SolarWinds incident. Two have cited elevated concerns because of attribution to
Read more
For laypeople demanding evidence that Russia is responsible for the #SolarWinds breach (and subsequent operations), be patient, it will come.As an analogue, prosecutors typically don’t discuss specifics of ongoing investigations.
Read more
The next few weeks are going to suck if you work in IT or security. Buckle up folks.I predict that we’re going to see two patterns emerge:First, we’ll see a
Read more
Okay folks, let’s talk about SolarWinds.For those not familiar with it, SolarWinds is a network management system (NMS). It’s probably the most ubiquitous NMS out there, so we shouldn’t jump
Read more
Buckle up folks, if you're looking for a fantastic example of the need for sound vulnerability management programs, read on (this is about more than Drupal):The day before Thanksgiving, Drupal
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our
Cookie Policy
to improve your experience.
I agree