System Hardening

System hardening is a term used frequently. But what does it exactly mean and are you doing it right? In simple terms, any system or device out of the box comes with all its bells and whistles belling and whistling. Which is great if you're going to use it to backup your holiday pictures at … Continue reading System Hardening →

CISSP Reloaded–Domain 6, Operations Security

I’ve made it past the mid-way point, I think a bit of self-back patting are in order! This is the 6th part on my CISSP Reloaded where I am revisiting the 10 CISSP domains I studied for many years ago to see what has changed and how much of it I have retained as well … Continue reading CISSP Reloaded–Domain 6, Operations Security →

Incident Management

When you're faced with an incident what do you do? Do you even realise there's an incident? Do you ignore it? Or do you hide under the covers? All these things happen and usually the best laid plans usually end up in the bin when an incident does strike. How can one prevent this? Think … Continue reading Incident Management →

Didier Stevens Interview at Black Hat EU 2012

At this years Black Hat, I got to speak with Didier Stevens on his latest toolset that he’s released for malicious PDF analysis. You can find Didier on Twitter or his musings at his blog.

CISSP Reloaded, Domain 5–Security Architecture & Models

This is the 5th part on my CISSP Reloaded where I am revisiting the 10 CISSP domains I studied for many years ago to see what has changed and how much of it I have retained as well as adding in my own personal thoughts, experiences and rambles into the mix. (Domain One) (Domain Two) … Continue reading CISSP Reloaded, Domain 5–Security Architecture & Models →

A Guide to Surviving Black Hat Europe

When Infosec Island sent me to Black Hat, their brief was simple. Find some interesting people to talk to and report back. However, half way through the conference, I realised I bumped into many first time conference goers. They were easy to spot, sat in the back of the halls, mingled with the one person … Continue reading A Guide to Surviving Black Hat Europe →

HD Moore’s Law

Joshua Corman wrote a post entitled HD Moore's Law in which he raises some valid points around the fact that tools like Metasploit make it incredibly easy for anyone with little or no knowledge to be able to test a system for vulnerabilities. Naturally, the purpose of this or other such tools is to aid a … Continue reading HD Moore’s Law →

Black Hat Europe 2012 Roundup

So I’ve been back from Amsterdam for a couple of days and have been reflecting on what I learnt and who I spoke to at Black Hat. I realise a lot of the really juicy info was exchanged under a verbal NDA so I can’t disclose any of that. I also acknowledge I didn’t speak … Continue reading Black Hat Europe 2012 Roundup →

What do you call Blackhat in Amsterdam?

This is my mandatory, “look at me I’m at BlackHat Europe” post. Usually I’ll hide myself away at conferences in the back row and hear out all the talks because I find it much easier to talk about security when I’m alone with my camera in my room. It was my first Blackhat and in … Continue reading What do you call Blackhat in Amsterdam? →

Part of the family

You may have heard me gloating saying that I’m off to Blackhat Europe in Amsterdam. The kind folk at Netpeas are sponsoring and Infosec Island are sending me as one of them. It kind of feels like being welcomed into a family. I’ll be at Blackhat introducing myself as being from the Island even though … Continue reading Part of the family →