System hardening is a term used frequently. But what does it exactly mean and are you doing it right? In simple terms, any system or device out of the box comes with all its bells and whistles belling and whistling. Which is great if you're going to use it to backup your holiday pictures at … Continue reading System Hardening →

When you're faced with an incident what do you do? Do you even realise there's an incident? Do you ignore it? Or do you hide under the covers? All these things happen and usually the best laid plans usually end up in the bin when an incident does strike. How can one prevent this?  Think … Continue reading Incident Management →

At this years Black Hat, I got to speak with Didier Stevens on his latest toolset that he’s released for malicious PDF analysis.   You can find Didier on Twitter or his musings at his blog.

When Infosec Island sent me to Black Hat, their brief was simple. Find some interesting people to talk to and report back. However, half way through the conference, I realised I bumped into many first time conference goers. They were easy to spot, sat in the back of the halls, mingled with the one person … Continue reading A Guide to Surviving Black Hat Europe →

Joshua Corman wrote a post entitled HD Moore's Law in which he raises some valid points around the fact that tools like Metasploit make it incredibly easy for anyone with little or no knowledge to be able to test a system for vulnerabilities. Naturally, the purpose of this or other such tools is to aid a … Continue reading HD Moore’s Law →

We get a lot of questions come in through email, facebook or twitter. So this time we thought we’d take the time to answer a few of them. Send over your questions and maybe next time yours will be picked out of the hat.

A lot of people who are new in the field of infosec ask how they can learn and develop their skills more. So, to answer this common question, I present my favourite free (or inexpensive) ways that you can learn more. Including mentoring. What else do you need? - Have I missed any of your … Continue reading How do I learn more about infosec? →

We all learn from our mistakes as we progress through our careers. Tripwire have compiled a list of 25 mistakes infosec people have made and I'm adding my own. You can see the total list here which feature great examples such as “Yes, a UFO is an unidentified flying object, but it’s probably an alien” … Continue reading Infosec Mistakes →

According to a flier issued by the FBI on how to spot suspicious activity, if you see someone paying for small items like a coffee with cash, it could be a sign that they are up to no good! Other such activities which could be deemed suspicious are: If you try to shield your computer … Continue reading FBI Coffee →

To manage risks better, you often have to recommend or examine controls. The types of controls can be broken down into three types, Protective, Detective and Recovery.