Top Categories

Spotlight

todayAugust 18, 2020

secure development + malware Jake

Network security concepts in school safety plans

As summer nears its end, there’s a lot of discussion about how and when to reopen schools and universities. As a security professional, I can’t help but see the parallels between protecting students and faculty from a pandemic and protecting networks from malware. This post will examine those similarities from [...]


Jake

9 Results / Page 1 of 1

Background

todayJuly 31, 2020

  • 89
close

industry Jake

Security doesn’t have to be a blocker

A few months ago during a conversation at a secops event, the topic of granting exceptions came up. One of the attendees was shared his dismay. “Management is always steamrolling me” he complained, “people are just being lazy, they should be able to do it right” and added “if it ...

todayJuly 21, 2020

  • 128
  • 1
close

vulnerabilities Jake

SIGRed: A new critical vulnerability Explained

Last Tuesday, as they do every second Tuesday, Microsoft released its monthly patch updates. One in particular (CVE-2020-1350) has been drawing a lot of attention. The vulnerability is called “SIGRed”, like that lunch I may have left in the office, its old, its bad and ripe for worms. Lets dig ...

todayJuly 9, 2020

  • 131
close

malware Jake

ThiefQuest: The new macOS ransomware that’s more than it seems

Last week a new macOS malware threat was discovered. Mac ransomware, while not unheard of, is still interesting enough to be of interest to security researchers. So, when Dinesh Devadosh of K7 Labs announced his discovery over twitter. His colleagues; Phil Stokes of SentinelOne, Thomas Reed of Malwarebytes and Patrik ...

todayJune 10, 2020

  • 47
close

vendor guides + secure development Jake

Cleaning up users in 1password

Recently I was helping a company audit their 1password account. Thought I’d share some useful snippets using jq and the 1password CLI tool. This command suspends users who haven’t logged in for 3 months After suspending all the users for a few days (waiting to see if people complain), this ...

todayMay 31, 2020

  • 25
close

secure development Jake

Maturity in devops

As a consultant, I tend to work with a variety of clients and teams all across the product maturity spectrum. Some are just starting; maybe they have an MVP, maybe they are still building it. Others have existed in their space for years. Typically, when I get called into projects, ...

todayMay 31, 2020

  • 41
close

vendor guides Jake

Trying Pritunl Zero

Pritunl is an open source OpenVPN and IPSec solution that comes with a somewhat popular VPN client. Pritunl Zero fills in a few more gaps by providing zero trust access to SSH and Web Services similar to products such as Akamai EAA and Zscaller. I installed an individual server using ...