Posts Tagged ‘information security’

We'll Crack Through This Code Tonight

Track the Triad to Tria(d)ge

As usual for my blog, the following anecdote unfolds the subject of my blog… Have you met oxymoron characters? I have, and I am going to describe an incident in one such character’s life: I know a balding old gentleman who is stung by an oxymoron combination of OCD (Obsessive Compulsive Disorder) and absent […]

Corporate Russian Roulette

The Corporate Game of Russian roulette! His last chance to spare himself and his billionaire empire is in hands of a Russian roulette game.  A weapon loaded with 5 bullets and one empty chamber lies on his table in front of him. His psyche mind winds up algorithmic yet he stood steady on the white […]

Phishing Attacks – How Your Old Passwords Can Come Back To Bite You

As a security professional, I spend a considerable amount of time building awareness around good password hygiene, and I am starting to see forward progress in efforts like moving users away from short passwords to longer passphrases.  But even as we are moving towards better password selection, most people don’t know that their old passwords […]

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Imagine that you work on different engagements or projects in which Kali Linux is one of your primary tools.  Furthermore, maybe you also have the need to keep the data for each of those projects isolated from the others – in other words, you need to avoid cross-contamination between your projects.  In this article I […]

Application security assessment

How To Use The AWS API With S3 Buckets In Your Pen Test

Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure.  In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests.  I’ll also show you how to […]

password manager

Here’s Why You Should be Using a Password Manager

I do not mean a notebook with handwritten passwords or even a spreadsheet.  I mean software designed specifically to generate and safely store your passwords.  We have all heard about sticky notes under the keyboard, or even worse on the monitor.  The current browsers can store your passwords for you and, assuming you have an […]

How Microsoft Word “Protected View” Stops Information Leaks

Microsoft Word has long offered support for loading images and templates over the network.  This is a great feature within corporate environments because it facilitates the reuse of assets like logos and corporate document templates.  Unfortunately, these features can be abused by bad actors to obtain operational intelligence on individuals, or even to steal credentials.  […]

Introduction to Data Masking Transformation in Informatica

Introduction: On a daily basis, data growth is expanding at a pace greater than the expansion of the universe itself. It makes our lives better, but it also has the capability of reflecting the vulnerabilities of a person or an organization. Data is like the Infinity Gauntlet. If you know how to use it, like Thanos […]

How To Connect Your Android Phone To Your AWS-Based VPN Server

In my previous post, How to Set Up Your Own VPN Server Using Amazon Web Services, we set up and configured an OpenVPN server using Amazon Web Services, and then we configured Windows and Linux machines to use the new VPN server. In this post, I’ll show you how to set up your Android phone to […]

Security Starts at Home and So Does Information Security

As a Perficienite, I have been involved in ISO27001, SSAE-16 and HIPAA assessments and have learned the need for information security. I would like to give back my knowledge and awareness to all in a more palatable form without the jargon. This blog is the result. This blog is intended to develop awareness on general […]

Panel Discussions: Do This, Not That

About a month ago I attended a local infosec panel discussion (Detect and Defend,  hosted by the St. Louis Business Journal).  I’ve seen a lot of panel discussions, and I’ve even been a panelist from time to time, but none of those events were as particularly engaging as this one.  All of the panelists seemed […]

Jump-Start Your Secure Coding Program With OWASP ASVS 3.0

The concept of secure coding used to be a little hazy, one of those you’ll-know-it-when-you-see-it concepts. Patterns for secure coding generally arrived as one-offs, where some vendor would recommend their product/library/framework because it “solved critical security problem X and here’s why…” Recently, however, the vast number of data breaches reported in the news has dramatically driven […]
