Blog Articles

A Simple UPX Malware Technique

Published: 2020-09-29

UPX is an executable file compressor. In this blogpost, we share a simple anti-virus evasion technique based on UPX that works well against AI-based anti-virus software.

Continue >

How I spent over 100K of my own money to learn cyber security

Published: 2020-03-04

I taught myself by using a mix of online capture-the-flag challenges, passion projects and on-the-job problem statements. Teaching myself got me my first job and it even allowed me to become an independent contractor that delivers penetration testing engagements. Then, I decided that I wanted to up my game.

Continue >

10 Good Reasons Why 2 Cyber Security Jobs At The Same Time Is Beneficial To You

Published: 2020-02-25

We present 10 reasons why cyber security wears people out and then offer you a simple solution to stay passionate about the field and give back to the community.

Continue >

The Unethical CIO

Published: 2020-02-17

Our team had gained unauthorised access to hospital software. We could tamper with hospital files, medical records and even delete the thousands of records that would force the hospital to re-process hundreds of patients. The CIO was livid. Furious. Embarrassed. None of his security investments had worked. He challenged every finding and every line in our report.

Continue >

Opinion Piece - Legal Weapons of Mass Cyber Destruction

Published: 2019-08-13

How do organisations meet their cyber obligations and expectations whilst avoiding the high cost of cyber security? They use two business instruments that we call Dark Compliance and Dark Risk Management.

Continue >

How Hard Is It to Digitally Sign Malware?

Published: 2019-06-22

There has been an alarmingly incremental rising trend among threat groups these past years that have used seemingly legal means to obtain code signing certificates to sign their malware. How easy is it for adversaries to acquire a code signing certificate and sign their malware?

Continue >

Soft Skills Needed For Cyber Security

Published: 2019-02-28

Here are 10 things, that when done consistently, generate amazing results.

Continue >

Toxic Work Cultures And Office Politics Are Failing Cyber Security

Published: 2019-02-21

The technical aspects of cyber security are pretty much resolved. The industry knows how adversaries breach networks, and we have proven techniques, technologies and procedures to stop them. So why do breaches keep happening?

Continue >

How do we create a thriving culture in the cyber security industry?

Published: 2019-02-20

If this blog post resonates with you, then I would like to invite you to become champions of a thriving cyber security culture. One that is all-inclusive, open-minded, of service, and that takes a stance against unacceptable social behaviours.

Continue >

What can a 1 year-old can teach us about cyber security?

Published: 2019-02-14

Whilst Japan's Minister of Cybersecurity has never used a computer, my friend George's 1 year old daughter has figured out how to use Skype on iPad to call her dad when she misses him.

Continue >

The difference between mediocre cyber security professionals and the very good ones is measured in minutes

Published: 2019-02-12

How many minutes of troubleshooting does it take for a software bug to make you quit? Through training hundreds of students across thousands of practical exercises we’ve learnt that the difference between average mediocre ones and the very good ones in cyber security is the 20 minute mark.

Continue >

Debunking The Myths And Misconceptions Surrounding Active Defence

Published: 2017-11-14

In this opinion piece, we will aim to set the record straight on what "Active Defence" is, how it is practiced, where the value is for the private sector, and why some organisations use "Active Defence" tactics and strategies when responding to incidents.

Continue >