My Writing
- [Communication] Balancing Brevity and Verbosity in Business Communications: Brevity is valuable when audiences lack time or inclination. Use elevator pitches for executives, SWOT matrices for pros and cons, and keep emails short. Verbosity is appropriate when responding to...
- [Tools] Extracting Malicious Flash Objects from PDFs Using SWF Mastah: SWF Mastah by Brandon Dixon extracts malicious Flash objects from PDFs in one step, building on the PDF X-RAY framework and Peepdf. It can handle complex PDF files even when pdf-parser fails to locate or...
- [Malware Analysis] Preparing The Next Release of REMnux Distro
- [Malware] Assigning Descriptive Names to Malware - Why and How? Security researchers assign descriptive names to high-profile malware based on file names, registry keys, or embedded strings; whoever coins the name that sticks gets bragging rights. Duqu was named...
- [Incident Response] The Adversarial Cycle of Computer Attacks and Defenses: The adversarial cycle has four phases: Attack (unfettered), Detect (forming response), Defense (attack rendered ineffective), and Mutate (attacker adapts). Defenders shorten Attack/Detect through...
- [Malware Analysis] How Security Companies Assign Names to Malware Specimens: Security companies base malware naming on the CARO scheme, which groups specimens into families by code similarity in a Type:Platform/Family.Variant format. MITRE's Common Malware Enumeration...
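The SWF Mastah entry above describes pulling Flash objects out of PDF streams. As an added illustration, not SWF Mastah's code nor anything from the PDF X-RAY or Peepdf projects, the script below does the simplest version of that job at the byte level: it walks every `stream ... endstream` region, tries the data raw and after zlib inflation (the FlateDecode filter), and reports any payload that carries an SWF header (`FWS` uncompressed, `CWS` zlib, `ZWS` LZMA, followed by a version byte and a little-endian length). The sample PDF is constructed inline for the demo and contains a placeholder SWF, not real malware. The function names and the toy document are assumptions for this example; real tooling must also resolve object dictionaries, other filters (ASCIIHex, LZW, object streams) and the `/Subtype /Flash` or `/EmbeddedFile` hints that this scan ignores.

```python
import re
import struct
import zlib

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")

# Match the payload between a stream/endstream pair. The lookbehind keeps
# the "stream" inside "endstream" from starting a bogus match.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def swf_header(data):
    """Return (signature, version, declared_length) if data starts with an
    SWF header, else None. The 8-byte header is signature, version byte,
    and a little-endian uint32 holding the (uncompressed) file length."""
    if len(data) < 8 or data[:3] not in SWF_MAGICS:
        return None
    version = data[3]
    declared_length = struct.unpack("<I", data[4:8])[0]
    return (data[:3].decode("ascii"), version, declared_length)


def extract_swf_objects(pdf_bytes):
    """Scan every stream in the PDF; test it raw and zlib-inflated; return a
    list of dicts describing each SWF found (stream index, how it was
    encoded, header fields, and the payload bytes for carving to disk)."""
    found = []
    for idx, match in enumerate(STREAM_RE.finditer(pdf_bytes)):
        raw = match.group(1)
        candidates = [("raw", raw)]
        try:
            candidates.append(("FlateDecode", zlib.decompress(raw)))
        except zlib.error:
            pass  # not a zlib stream (or corrupted); keep the raw candidate only
        for encoding, payload in candidates:
            header = swf_header(payload)
            if header is None:
                continue
            signature, version, declared_length = header
            found.append({
                "stream_index": idx,
                "encoding": encoding,
                "signature": signature,
                "version": version,
                "declared_length": declared_length,
                "actual_length": len(payload),
                "data": payload,
            })
            break
    return found


def build_sample_pdf():
    """Construct a toy PDF (assumption: not a real specimen) with one plain
    content stream and one FlateDecode stream that hides an uncompressed SWF."""
    body = b"\x00" * 20                       # placeholder SWF body, no real tags
    swf = b"FWS" + bytes([9]) + struct.pack("<I", 8 + len(body)) + body
    compressed = zlib.compress(swf)
    text_stream = b"BT /F1 12 Tf (hello) Tj ET"
    parts = [
        b"%PDF-1.6\n",
        b"1 0 obj\n<< /Type /Catalog >>\nendobj\n",
        b"2 0 obj\n<< /Length " + str(len(text_stream)).encode() + b" >>\nstream\n"
        + text_stream + b"\nendstream\nendobj\n",
        b"3 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode /Length "
        + str(len(compressed)).encode() + b" >>\nstream\n"
        + compressed + b"\nendstream\nendobj\n",
        b"%%EOF\n",
    ]
    return b"".join(parts)


def demo():
    """Run the extractor over the constructed sample and return the hits."""
    return extract_swf_objects(build_sample_pdf())


if __name__ == "__main__":
    for hit in demo():
        print("stream #%d (%s): %s v%d, declared %d bytes, actual %d bytes" % (
            hit["stream_index"], hit["encoding"], hit["signature"],
            hit["version"], hit["declared_length"], hit["actual_length"]))
```

When carving from a real sample, compare `declared_length` with `actual_length`: a mismatch usually means the stream was truncated, double-encoded, or padded with junk, which is exactly the situation where object-aware tools such as the ones the entry names earn their keep.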