My Writing
- Malware Analysis Questions for Endpoint Security Startups Evaluating an endpoint security startup requires understanding its relationship to antivirus, its technological competitors, and how it competes for customers' budgets and time. Key questions address...
- Assessments Experts Cannot Help Overstating Their Expertise Self-proclaimed experts are more likely to claim knowledge of things they don't know, including nonexistent terms in their fields of expertise. This overclaiming tendency means security professionals...
- Authentication Face Recognition and Locking Your System: You Say Goodbye and I Say Hello Facial recognition login features like Windows Hello can automatically unlock a computer moments after you've locked it if the camera spots your face. Implementing a slight delay before facial...
- Networking A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers PayPal overpayment scams target Craigslist sellers using fake payment notifications that ask victims to wire funds to a third-party "pickup agent." Scammers craft stories about working in rural areas...
- Malware Tunneling Data and Commands Over DNS to Bypass Firewalls Adversaries can tunnel command and control traffic through DNS queries to bypass firewalls, even when environments restrict outbound DNS to trusted servers. Tools like dnscat2 demonstrate how easily...
- Tools Generating Domain Name Variations Used in Phishing Attacks Phishing attackers register domain names similar to targeted organizations using techniques like bitsquatting, homoglyphs, letter repetition, transposition, and typos. Tools like dnstwist and...