Published: 2020-09-29
UPX is an executable file compressor. In this blogpost, we share a simple anti-virus evasion technique based on UPX that works well against AI-based anti-virus software.
Continue >Published: 2020-03-04
I taught myself by using a mix of online capture-the-flag challenges, passion projects and on-the-job problem statements. Teaching myself got me my first job and it even allowed me to become an independent contractor that delivers penetration testing engagements. Then, I decided that I wanted to up my game.
Continue >Published: 2020-02-25
We present 10 reasons why cyber security wears people out and then offer you a simple solution to stay passionate about the field and give back to the community.
Continue >Published: 2020-02-17
Our team had gained unauthorised access to hospital software. We could tamper with hospital files, medical records and even delete the thousands of records that would force the hospital to re-process hundreds of patients. The CIO was livid. Furious. Embarrassed. None of his security investments had worked. He challenged every finding and every line in our report.
Continue >Published: 2019-08-13
How do organisations meet their cyber obligations and expectations whilst avoiding the high cost of cyber security? They use two business instruments that we call Dark Compliance and Dark Risk Management.
Continue >Published: 2019-06-22
There has been an alarmingly incremental rising trend among threat groups these past years that have used seemingly legal means to obtain code signing certificates to sign their malware. How easy is it for adversaries to acquire a code signing certificate and sign their malware?
Continue >Published: 2019-02-28
Here are 10 things, that when done consistently, generate amazing results.
Continue >Published: 2019-02-21
The technical aspects of cyber security are pretty much resolved. The industry knows how adversaries breach networks, and we have proven techniques, technologies and procedures to stop them. So why do breaches keep happening?
Continue >Published: 2019-02-20
If this blog post resonates with you, then I would like to invite you to become champions of a thriving cyber security culture. One that is all-inclusive, open-minded, of service, and that takes a stance against unacceptable social behaviours.
Continue >Published: 2019-02-14
Whilst Japan's Minister of Cybersecurity has never used a computer, my friend George's 1 year old daughter has figured out how to use Skype on iPad to call her dad when she misses him.
Continue >Published: 2019-02-12
How many minutes of troubleshooting does it take for a software bug to make you quit? Through training hundreds of students across thousands of practical exercises we’ve learnt that the difference between average mediocre ones and the very good ones in cyber security is the 20 minute mark.
Continue >Published: 2017-11-14
In this opinion piece, we will aim to set the record straight on what "Active Defence" is, how it is practiced, where the value is for the private sector, and why some organisations use "Active Defence" tactics and strategies when responding to incidents.
Continue >