Microsoft Win32k NULL Page Vulnerability Technical Analysis
Endgame has discovered and disclosed to Microsoft the Win32 NULL Page Vulnerability (CVE-2013-3881), which has been fixed in Microsoft’s October Security Bulletin, released October 8, 2013. The...
Storm Metrics How-To
If you have been following Storm’s updates over the past year, you may have noticed the metrics framework feature, added in version 0.9.0 New Storm metrics system PR. This provides nicer primitives...
Android Is Still the King of Mobile Malware
According to F-Secure’s “Q1 2014 Mobile Threat Report”, the Android operating system was the main target of 99% of new mobile malware in Q1 2014. The report states that between January 1 and March 31,...
Verizon's Data Breach Investigations Report: POS Intrusion Discovery
Verizon recently released its 2014 Data Breach Investigations Report. I could spend all day analyzing this, but I’ll touch on just one issue that’s been on many of our minds recently: Point-of-Sale...
DEFCON Capture the Flag Qualification Challenge #1
I constantly challenge myself to gain deeper knowledge in reverse engineering, vulnerability discovery, and exploit mitigations. By day, I channel this knowledge and passion into my job as a security...
Telecom as Critical Infrastructure: Looking Beyond the Cyber Threat
Much of the discussion around cyber security of critical infrastructure focuses on the debilitating impact of a cyber attack on a country’s energy, economic, and transportation backbone. But Russia’s...
Blackshades: Why We Should Care About Old Malware
“Blackshades is so 2012” is the near response I received when I mentioned to a friend the recent FBI takedown of almost 100 Blackshades RAT dealers. This nonchalant, almost apathetic attitude towards...
DEFCON Capture the Flag Qualification Challenge #2
This is my second post in a series on DEFCON 22 CTF Qualifications. Last time I examined a problem called shitsco and gave a short overview of CTF. This week, I’d like to walk you through another...
How to Get Started in CTF
Over the past two weeks, I’ve examined two different problems from the DEFCON 22 CTF Qualifications: “shitsco” and “nonameyet”. Thank you for all of the comments and questions. The most popular...
Technical Analysis: Binary b41149.exe
In keeping with the theme of my previous post, “malware never truly dies – it just keeps on compromising”, today I’d like to investigate a binary that surfaced a couple of months ago. While the binary...
The Great Divide: Closing the Gap in Cyber Analysis
In 2010, General Michael Flynn co-authored a report entitled Fixing Intel critiquing the threat-centric emphasis within counterinsurgency intelligence analysis. The report, which made waves in the...
Analysis: Three Observations About the Rise of the State in Shaping Cyberspace
Last month commemorated the 100th anniversary of the start of World War I. It was a time when states were so interdependent and borders so porous that some call it the first era of globalization. In...
Time Series Analysis for Network Security
Last week, I had the opportunity to attend a conference that had been on my radar for a long time. I’ve been using scientific Python tools for about 10 years, so it was with great excitement that I...
Building Models for Time Series Analysis
In my last post, I talked about the different Python projects I used to put together a pipeline for network security data. In this post, I’ll talk about how I used the scientific computing software...
Report Analysis: A Data-Driven Approach to Cybersecurity
On Monday, I attended the rollout event for former Secretary of the Navy Richard Danzig’s most recent report: “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s...
Securing the e-Campus: Ten Observations About Cyber Security in Academia
I recently gave the keynote address at “Securing the eCampus,” a gathering of university CIOs and CISOs hosted by Dartmouth College. Drawing on my fifteen years of experience in the kinetic security...
New Internet Hot Spots? Neighborhood Effects and Internet Censorship
During the 2011 London riots, the local government called for a ban on BlackBerry Messenger Service, a key form of communication during these events. Following the riots, Prime Minister David Cameron...
Black Hat Decomposed: Perspectives from a Social Scientist
This week I attended my first-ever Black Hat conference. As a social scientist, I was very intrigued to actually experience the culture of the conference, but anticipated being overwhelmed by the...
How We Win Hack Week
With outstretched arms and a voice just a tad too loud, I shout, “Welcome to Hack Week!” As a fitting coda to Black Hat and DEF CON wrapping up in the previous days, an enthusiastic group of Endgame...
Hack Week The Endgame Way
Several Endgamers attended Black Hat in Las Vegas a couple of weeks ago. Some stayed and many more arrived for DEF CON. Keeping the theme alive, we just finished up this summer’s Vegas hack week, where...