Blog

There are many defenses one can build to protect and monitor systems in the cyber world.  More times than not, one would monitor for a certain type of behavior, but not block (i.e. alert only). Most typically, this is due to the fact that it might be difficult to have enough fidelity in the detection to distinguish between good […]

If you don’t think a password hash is just as good as getting a plaintext password (99% of the time), then you should read this. Several of my clients in the past have downplayed my findings related to the discovery of password hashes, even after I cracked them. This article, like many of my articles, […]

This is an exploit to gain access to a corporate network through an employee’s unmanaged personal computer via a Citrix XenDesktop VDI. Intro I’m frustrated by the sales pitch for XenDesktop and am concerned for those who have bought into the misleading claim that it is “safe from hackers and protecting the corporate network from […]

Traditional IOCs are lame. Don’t waste your time on traditional Indicators Of Compromise (IOCs) – IPs, domains, URLs, hashes, filenames, etc.. Seriously, buy a vendor product and/or feed that gives you this capability. The payback of traditional IOCs catching commodity malware is low. The payback when it comes to detecting advanced and/or targeted threats with traditional […]