0xdabbad00
Blog Posts
31 May 2015 » Developing Solutions
23 Apr 2015 » Password Authentication for Go Web Servers
18 Apr 2015 » Go code auditing
16 Apr 2015 » Application White-Listing Expectations
12 Apr 2015 » Looking for security trouble spots in Go code
03 Apr 2015 » Choosing Libraries for Go Web Servers
27 Dec 2014 » Go Everyday
20 Oct 2014 » Summit Route
28 May 2014 » Endpoint Threat Detection Standards
27 May 2014 » The Future of Endpoint Threat Detection and Response
27 Feb 2014 » EMET 5.0 Review
05 Feb 2014 » Pwn2Own Unicorn challenge should use IE 32-bit
26 Jan 2014 » Binary compilation differences
08 Jan 2014 » Notes on Windows Error Reporting
01 Jan 2014 » A failed attempt at identifying a developer using data in the PE file format
19 Nov 2013 » Document formatting
18 Nov 2013 » EMET 4.1 Uncovered
07 Nov 2013 » Quick Post: Extracting MSI files
02 Sep 2013 » File scanner web app (Part 5 of 5): Finishing touches
02 Sep 2013 » File scanner web app (Part 4 of 5): Scanning files from the web app
02 Sep 2013 » File scanner web app (Part 3 of 5): YARA signatures
02 Sep 2013 » File scanner web app (Part 2 of 5): Upload files
02 Sep 2013 » File scanner web app (Part 1 of 5): Stand-up and webserver
19 May 2013 » Summary of "Making Strategic Sense of Cyber Power: Why the Sky is Not Falling"
13 May 2013 » Paper review - May 2013
03 May 2013 » Top Hacker Conferences
28 Apr 2013 » Exploit Mitigation Kill Chain
07 Apr 2013 » Prevalence of memory corruption exploits
06 Apr 2013 » Watch any youtube videos with HTML5 instead of Flash
01 Apr 2013 » Extracting MiniDuke files from gifs using IceBuddha parse scripts
27 Mar 2013 » Windows Hardening Guide
10 Mar 2013 » Thoughts on signed executables
04 Feb 2013 » Project backlog
29 Jan 2013 » Things I've learned using skulpt for in-browser Python code
22 Jan 2013 » Value of white-listing
21 Jan 2013 » There are no good execution white-listing solutions for Windows
15 Jan 2013 » The age of plugin free browsers: A new age of exploitation
13 Jan 2013 » Most Secure PDF viewer: Chrome PDF Viewer
13 Jan 2013 » Dealing with Java 7 vulnerabilities
08 Jan 2013 » Root Certificate Authority research - post 2
06 Jan 2013 » Root Certificate Authority research
02 Jan 2013 » IceBuddha now uses in-browser python code for parsing via skulpt
09 Dec 2012 » Hurdles for a beginner to exploit a simple vulnerability on modern Windows
07 Dec 2012 » DEP (Data Execution Prevention) explanation by example
05 Dec 2012 » Finding slop: Common Windows apps still without DEP and ASLR
28 Nov 2012 » Information Security Trends
25 Nov 2012 » IceBuddha scrolling (javascript infinite scrolling in a finite area)
21 Nov 2012 » IceBuddha and SlopFinder updates + start of Hasher
11 Nov 2012 » SlopFinder
29 Jul 2012 » Setting up a VPN on Amazon EC2 and a client on OSX
19 Jul 2012 » Moved code to github
16 Jul 2012 » Harden OSX and iPhone for security/hacking conventions (Defcon)
16 Jul 2012 » API Design
15 Jul 2012 » IceBuddha: Generic file parser
14 Jun 2012 » Glossing over a resume
04 Apr 2012 » Stop trying to use fancy AI on malware
18 Mar 2012 » HTML5 FileReader
18 Feb 2012 » Apple: PR juggernaut
30 Jan 2012 » NoSQL
03 Jan 2012 » Merge Sort
30 Dec 2011 » System Engineering
10 Dec 2011 » Legal malware
30 Nov 2011 » Duqu C&C forensics
24 Nov 2011 » Programming Interviews
24 Nov 2011 » Link round-up
24 Nov 2011 » Duckduckgo is my new favorite search engine
21 Nov 2011 » Malware install mechanisms
18 Oct 2011 » New Stuxnet variant: Duqu
08 Oct 2011 » Windows Package Manager needed to improve security
08 Oct 2011 » Malware for the cloud
30 Aug 2011 » Rogue cert for google.com
23 Aug 2011 » Chinese government hacking the US is confirmed
23 Aug 2011 » Blog active again; news catch-up
23 Aug 2011 » $100K for open-source security projects
30 May 2011 » OpenHIPS postponed/cancelled; blog on hold
23 Apr 2011 » Creating a YARA signature for shellcode
03 Apr 2011 » OpenHIPS v0.1.0.0 released... but not useful
23 Mar 2011 » Rogue certs issued by Comodo
21 Mar 2011 » OpenHIPS purpose
20 Mar 2011 » OpenHIPS v0.0.0.1 Released!
20 Mar 2011 » OpenHIPS project decisions
05 Mar 2011 » Google acquires Zynamics
26 Feb 2011 » JDK7 examples of new features
26 Feb 2011 » Idea: Google filtering front-end
13 Feb 2011 » Stuxnet paper
05 Feb 2011 » Creating custom, private antivirus signatures
22 Jan 2011 » Review of Microsoft SDL Tools
22 Jan 2011 » BlackHat DC 2011 talks up
10 Jan 2011 » "Seven Languages in Seven Weeks": Proof there are too many languages
09 Jan 2011 » Fingerprinting malware using YARA
08 Jan 2011 » Using windbg to find conficker
18 Dec 2010 » Cloud computing: Malware persistence with thin clients
04 Dec 2010 » Sandboxing
04 Dec 2010 » Ransomware
04 Dec 2010 » Prevx patching Windows
04 Dec 2010 » HBGary is small!
14 Oct 2010 » Generating Malware URL's
12 Oct 2010 » Mobile phone threat video from Mikko Hypponen
12 Oct 2010 » Conficker: Only botnet to use public key crypto?
10 Oct 2010 » Kaspersky on Stuxnet
10 Oct 2010 » Banning infected PCs
06 Oct 2010 » Virus Bulletin 2010: Kaspersky: mobile malware is good business
26 Sep 2010 » Restricted information on stuxnet
26 Sep 2010 » Let's start making solutions!
16 Sep 2010 » What kind of disclosure is this?
13 Sep 2010 » How much do bad guys make from good guys buying their stuff?
12 Sep 2010 » Idea: Tool to rate use of defense-in-depth
12 Sep 2010 » Idea: Tool to cluster executables
12 Sep 2010 » How EMET works
11 Sep 2010 » Review of Mandiant's free tools
11 Sep 2010 » Review of HBGary's free tools
09 Sep 2010 » More malware signed by real certs
07 Sep 2010 » EMET 2.0 released: Microsoft tool to force DEP, ASLR, and other security goodies on programs
01 Sep 2010 » M-unition reposts their concept of using DLL order hijacking for malware persistence
31 Aug 2010 » McAfee releases paper describing their various technologies
29 Aug 2010 » TDL3 follow-up
26 Aug 2010 » First 64-bit rootkit!
26 Aug 2010 » Common exploit shellcode explained
22 Aug 2010 » Intel buys McAfee
18 Aug 2010 » Make security sound confusing!
18 Aug 2010 » Invisible Things Lab posts Linux priv escalation
17 Aug 2010 » Kaspersky video on new(?) white-listing concept