Hacker’s Ethics – My Changing Perspective

Hacker’s Ethics – My Changing Perspective


Personal Ethics is not something that changes too dramatically over time. The foundation of our ethics is typically laid as children with small changes throughout our life. Untypical, then, was a major shift in my personal ethics as it relates to “security research”, aka hacking.

(more…)

Exposing Tanium: A Hacker’s Paradise

Exposing Tanium: A Hacker’s Paradise


Tanium has gained much popularity the past few years. Those jumping on the Tanium train need to beware. If your company uses Tanium, your data is at high risk, IMO. Their “peer chain” model, and the lack of encryption of that data, is unsecure and should not be trusted.

(more…)

Breaking My Silence

Breaking My Silence


It has been 3.5 years since I left the NSA. While working there, I could not publish anything of value. Because of all of the OpSec ingrained in me, I have shied away from publishing my research, findings, and discoveries the past few years. Attending Derbycon 2017 helped to finally break my OpSec shell.

(more…)

Restricting to Local Admin != Mitigation

Restricting to Local Admin != Mitigation


I frequently come across and use endpoint exploits and attack vectors that “require admin”.  Almost as frequently, I hear people in the industry stating, “We’re safe from that; it requires local admin|system”.  In many cases, that is not a mitigation.  If you’re putting trust in the assumption that restricting to local admin will protect you, how secure do you think you really are from an attacker?

(more…)