As a company we do not struggle with on boarding new talent. We are actually really good at bringing folks in, making them feel welcome, and emphasizing how they are now a part of the team. Their first day they … Continue reading On Boarding Challenges
Back in the mid-80’s and early 90’s security was an after thought when designing networks and computers. Many thought of it as just a roadblock to actually being able to use computing time. In fact, back then, most users thought … Continue reading The Cuckoo’s Egg
The book delves into the OODA loop a bit, and includes mentions of Schwerpunkt and Fingerspitzengefuhl. The main dimension of the OODA loop that the instructor never delved into revolved around Orientation, Unpredictability, and Speed Continue reading Boyd: The Fighter Pilot Who Changed the Art of War
I recently read about Aquatone on Twitter from this tweet:
HTML reports generated by Aquatone are been broken due to Subresource Integrity failure on a CSS resource. Version 1.4.3 fixes this problem: https://t.co/eb9Z1LTIZw— Michael Henriksen (@michenriksen) January 5, 2019
Aquatone is a little tool that I have been playing around with the past couple of weeks. It enables users to quickly and easily forward network scans, or DNS enumeration scans, and grab screenshots. Now that is definitely useful for attackers, but could it also be useful for defenders? I believe so.
Continue reading “Fingerprinting with Aquatone”
CVEDetails says that there is currently over 14,000 vulnerabilities that have a CVE score of 9.0 or higher. The average CVE score is a 6.6, and the total number of CVE’s is over 103,000. You are responsible for every single one of them. If you’re a small shop, that is in addition to your monitoring load, your incident response load, your asset management load, your policies and procedures load, your documentation load, your event investigation load, your… You get it. The never ending load of infosec.
Continue reading “Vulnerability Management Fatigue”