/ Recent content on Hugo -- gohugo.io en-us Mon, 06 Oct 2025 00:48:14 -0500 /posts/2025/how-to-present/ Mon, 06 Oct 2025 00:48:14 -0500 /posts/2025/how-to-present/ Standard Con Presentation Who Are You? Give 3-5 sentences or bullets about who you are, how long you’ve been doing the relevant skill and a 1-2 sentence explanation of what you’re talking about. What Problem Did You Solve? Make this relatable. Tell a story, so the audience can connect with your problem. Ask a question, have you ever had X happen? Tell us /why/ we should care Present Your Possible Solutions I could X, Y, or Z. /posts/2025/ofcivicreligion/ Fri, 03 Oct 2025 10:55:04 -0500 /posts/2025/ofcivicreligion/ Recently a friend pointed me to Jean-Jacques Rousseau’s The Social Contract to help understand the idolatry/worship of Trump, MAGA, and the American government. Its worth reading if you get a moment. Book 4, chapter 8 discusses the idea that a society requires a sort of idolatry called the “Civic Religion” to exist to hold people into a cohesive society. He mentions 2 other forms of religion, the “natural” religion that’s grown from every society of idols and gods and myth, and the “revealed” religion. /posts/2025/3accounts/ Thu, 10 Jul 2025 10:30:38 -0500 /posts/2025/3accounts/ For years, I’ve tried to come up with a normal and sane way to manage money that didn’t involve complicated technical solutions (usually with a high price tag…I’m trying to save money!). I’ve tried everything. YNAB, Mint, GNUCash and everything in between. Finally I settled on the 3 Accounts Method of my own design. Its simple. It is almost set it and forget it. And It automatically helps you fulfill the parallel goals of paying down debt and building savings. /posts/2025/2025.04.22.news-you-should-know/ Tue, 24 Jun 2025 13:30:30 -0500 /posts/2025/2025.04.22.news-you-should-know/ Ransomware crooks search for ‘insurance’ ‘policy’ right away • The Register - Researchers reviewed 3 years of ransomware forensics and found threat actor SOPs usually involve searching for “insurance” in company documents. If found, ransoms are around 2.8x the average. If there’s a double extortion attempt, the ransom is around 5.5x’s higher. Law biz appeals £60K ICO fine over 32 GB digital burglary • The Register - UK law firm loses 32GBs of case data and decides its not a personal data breach. /posts/2025/2025.05.27.news-you-should-know/ Tue, 24 Jun 2025 13:15:48 -0500 /posts/2025/2025.05.27.news-you-should-know/ Wyden: AT&T, T-Mobile, and Verizon weren’t notifying senators of surveillance requests | TechCrunch - In the letter, Wyden, a longstanding member of the Senate Intelligence Committee, said that an investigation by his staff found that carriers were not notifying senators of legal requests — including from the White House — to surveil their phones. A report last year by the Inspector General, revealed that the Trump administration in 2017 and 2018 secretly obtained logs of calls and text messages of 43 congressional staffers and two serving House lawmakers, imposing gag orders on the phone companies that received the requests. /posts/2025/2025.05.20.news-you-should-know/ Tue, 20 May 2025 13:15:08 -0500 /posts/2025/2025.05.20.news-you-should-know/ Hackers scam Coinbase users and ransom data for $20M • The Register - Coinbase said that at no point during the compromise could the attackers have accessed customers’ funds, and confirmed the sources of the data were insiders bribed to steal information on behalf of the extortionists. The company said the data does not include passwords or private keys, but depending on the use, the following details of its customers may be compromised: /posts/2025/2025.05.13.news-you-should-know/ Tue, 13 May 2025 13:14:03 -0500 /posts/2025/2025.05.13.news-you-should-know/ Microsoft ends Authenticator password autofill, moves users to Edge - App will stop storing passwords. Users have until August 1st to move passwords to another option. June 2025: You can no longer save new passwords in Authenticator. July 2025: Autofill will stop working in Authenticator; stored payment info will be deleted. August 2025: Saved passwords and unsaved generated passwords will no longer be accessible in Authenticator. FBI: End-of-life routers hacked for cybercrime proxy networks - Threat actors are breaking into edge devices, notably Linksys and Cisco EoL routers, and adding them to residential proxy botnets. /posts/2025/rsa-cool-thing/ Sat, 03 May 2025 19:18:26 -0500 /posts/2025/rsa-cool-thing/ This years RSAC was a strange experience. AI and Quantum saturated the expo floor, while talks ranged from IT to OT and everything in between. And weird political overtones stifled the environment. Regardless of the weirdness, I decided to hit the expo floor and find the weird, the cool, and the special. And I was successful! Two different companies jumped out at me. One, Oasis offered an actual use case for quantum while Sepio offered a new endpoint security product. /posts/2025/2025.04.15.news-you-should-know/ Tue, 15 Apr 2025 14:27:55 -0500 /posts/2025/2025.04.15.news-you-should-know/ Pharmacist accused of spying on women using work, home cams • The Register - Pharmacist spent nearly a decade installing malware on coworkers PCs, including remote web cam viewers and keyloggers. Pharmacist is currently employed at another healthcare system and is not jailed. While the employer is being sued for failing to protect their infrastructure and employees. VMware revives its free ESXi hypervisor • The Register - Free ESXi is back apparently…if you want it. /posts/2025/2025.04.08.news-you-should-know/ Tue, 08 Apr 2025 14:39:48 -0500 /posts/2025/2025.04.08.news-you-should-know/ One of the last Bletchley Park’s heroes Betty Webb dies • The Register - Webb along with a number of other prominent women in the cryptography field worked at Bletchley Park to help decrypt some 10k German intercepts per day. Women have a long history in the Computer Science and Cryptography fields, I would highly recommend Invisible Women by Caroline Perez, Hidden Figures by Shetterly, BROAD band: The Untold Story of the Women Who Made the Internet - Claire Evans, /posts/2025/so-you-downloaded-a-thousand-tiktoks/ Mon, 07 Apr 2025 13:05:07 -0500 /posts/2025/so-you-downloaded-a-thousand-tiktoks/ We’ve all been there, a friend sends over a funny TikTok, or you want to share it in your Signal chat and you know people aren’t likely to click the link. Plus who wants all that tracking and hidden redirects in a TT link? So what’s to be done? If you’re like me, a quick long press, and “Save Video” and you’re off to the group chat to laugh with your friends. /posts/2025/2025.04.01.news-you-should-know/ Tue, 01 Apr 2025 14:42:41 -0500 /posts/2025/2025.04.01.news-you-should-know/ US defense contractor settles whistleblower suit for $4.6M • The Register - Out of a possible 110 points, MORSE awarded itself 104. A third party assessment of the environment found a catastrophic score of (-)142, Yes, 246 points in the opposite (bad) direction. As part of the settlement, MORSE is handing back $4.6 million to the Feds, and $851,000 of that is going to the ex-employee who blew the whistle. /posts/2025/2025.03.25.news-you-should-know/ Tue, 25 Mar 2025 14:45:46 -0500 /posts/2025/2025.03.25.news-you-should-know/ US POL Federal judge blocks DOGE’s access to Social Security Administration’s banks of personal information | TechCrunch - Hollander said DOGE “never identified or articulated” a reason why it needs access to the “personal and private data of millions of Americans.” CISA fires then rehires security crew, and puts them on hold • The Register - CISA employees are back, but benched. Placed on paid-leave, Red Teamers and other security staff are still in limbo. /posts/2025/2025.03.18.news-you-should-know/ Tue, 18 Mar 2025 14:45:54 -0500 /posts/2025/2025.03.18.news-you-should-know/ Privacy Amazon kills off on-device Alexa processing for Echo owners • The Register - “We are reaching out to let you know that the Alexa feature ‘Do Not Send Voice Recordings’ that you enabled on your supported Echo device(s) will no longer be available beginning March 28, 2025,” a copy of the email sent to Echo users relayed to El Reg read. GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging - Google Messages, iOS Messages, and Android’s default messaging apps will soon all support RCS with End-to-end-encryption (E2EE)! /posts/2025/2025.03.11.news-you-should-know/ Tue, 11 Mar 2025 14:46:00 -0500 /posts/2025/2025.03.11.news-you-should-know/ USCIS mulls policing social media of all would-be citizens • The Register - Social Media assessment that started under the Obama White House will be extended to all resident and documented aliens. Moves the social media scanning from before entry to all immigrants. Badbox is back and a million Android devices were backdoored • The Register - Infected Android machines part of extensive botnet. Devices exploiting residential IP space to serve malicious ads. /posts/2025/2025.03.04.news-you-should-know/ Tue, 04 Mar 2025 14:46:05 -0500 /posts/2025/2025.03.04.news-you-should-know/ China compromised GOP emails ahead of Republican convention • The Register - Notified in July of 2024, the Republic leadership opted to not notify the FBI or seek their assistance. Hegseth orders suspension of Pentagon’s offensive cyberoperations against Russia | AP News - Hegseth can stop Pentagon, but not DHS:CISA or the CIA. DHS says CISA will not stop monitoring Russian cyber threats - CISA says its still in the fight. /posts/2025/posttruthisprefascism/ Sun, 02 Mar 2025 01:38:15 -0600 /posts/2025/posttruthisprefascism/ Notes, Quotes, and Paraphrases from On Tyranny: Twenty Lessons from the Twentieth Century - Timothy Snyder “You submit to tyranny when you renounce the difference between what you want to hear and what is actually the case…As observers of totalitarianism such as Victor Klemperer noticed, truth dies in four modes: 1) Open hostility to verifiable reality. Presenting Inventions and lies as if they were facts. The “Great Leader” lies frequently and without reason. /posts/2025/disillusioned-with-the-church/ Sat, 01 Mar 2025 09:12:09 -0600 /posts/2025/disillusioned-with-the-church/ I have had a continuously growing unease about the churches in America. Setting aside the current political climate, it seems to be increasingly difficult to find a man or woman in a pulpit or a pew who believes in, much less advocates for Jesus’ teachings. They may pay lip service to the Sermon on the Mount, but their lives will tell you a much different story. And as much as I had become dismayed at this fact, I was excited to see that scripture already offered an answer for it. /posts/2025/2025.02.25.news-you-should-know/ Tue, 25 Feb 2025 14:49:29 -0500 /posts/2025/2025.02.25.news-you-should-know/ Decade-old healthcare security SNAFU settled for $11M • The Register - Health Net Federal Services (HNFS) and its parent company Centene Corporation, were found liable of lying on security attestations and ignoring 3rd party audits of their environment from 2015-2018. Fine amounts to 0.0067% of it’s 2023 revenue ($163Bn). Thousands of trafficked scammers await return to Thailand • The Register - Prime Minister Shinawatra said around 7,000 individuals are awaiting transfer to Thailand after being rescued from call centers in Myanmar. /posts/2025/2025.02.18.news-you-should-know/ Tue, 18 Feb 2025 14:49:38 -0500 /posts/2025/2025.02.18.news-you-should-know/ Meta confirms ‘Project Waterworth,’ a global subsea cable project spanning 50,000 kilometers | TechCrunch - Meta will string a cable from the US, Brazil, India, South Africa, and elsewhere. The US Gov’t has committed to the Indian government to assist in this project. Meta-owned Facebook and Insta currently account for 10% of all fixed-internet traffic, and 22% of all mobile traffic. Valve removes Steam game that contained malware | TechCrunch - Constant vigilance. /posts/2025/2025.02.11.news-you-should-know/ Tue, 11 Feb 2025 14:49:51 -0500 /posts/2025/2025.02.11.news-you-should-know/ Beware of DDoSes from Mirai-based botnet of Mitel phones • The Register - Mitel, the phone thats sat on hundreds of desks across the world may have default credentials, and may have been roped into a Mirai botnet as part of the new Aquabotv3. Just a reminder to patch everything. Everywhere. All the time. Lazarus Group’s latest heist hits hundreds globally • The Register - Phantom Circuit, planted backdoors in clones of legitimate software packages and open source tools so that developers and others specifically in the cryptocurrency industry would accidentally use them, compromising their machines. /posts/2025/2025.01.28.news-you-should-know/ Tue, 28 Jan 2025 14:52:54 -0500 /posts/2025/2025.01.28.news-you-should-know/ Sweden seizes vessel after another undersea cable damaged • The Register - Trans-Baltic cables between Latvia and Sweden were attacked the 26th. This makes the third cable in 2 months in the Baltics. The first being a Between Finland-and-Estonia and Finland-and-Sweden. China and frieds say they’re hurting cyber-slave scam camps • The Register - China and other Asian nations (Cambodia, Laos, Myanmar, Thailand, Vietnam) are concentrating on cyber-scam slave camps. Many tech-support and romance scams are staffed by human slaves in border regions in Myanmar, Laos, Cambodia, and Thailand. /posts/2025/2025.01.21.news-you-should-know/ Tue, 21 Jan 2025 14:53:01 -0500 /posts/2025/2025.01.21.news-you-should-know/ ChatGPT crawler flaw opens door to DDoS, prompt injection • The Register - OpenAI’s web crawler has been weaponized by researches creating 20 - 5k requests per single API call to the crawler. GM settles charges it shared driver location data • The Register - GM collected up to the second GPS data of vehicles, then sold it to Insurance companies to justify raising their premiums Fortinet: FortiGate config leaks are genuine but misleading • The Register - 15k Fortinet routers hacked, downloads of the Fortinet config, as well as credentials for the VPN users were also made available. /posts/2025/2025.01.14.news-you-should-know/ Tue, 14 Jan 2025 14:53:10 -0500 /posts/2025/2025.01.14.news-you-should-know/ Scams & Breaches Scammers file first — Get your IRS Identity Protection PIN now - Get signed up for a IP PIN for the IRS, before someone else does your taxes. FCC chief urges auction to fund ‘Rip and Replace’ program • The Register - To fund the removal of Huawei and ZTE equipment from American networks, the FCC is considering a spectrum fire sale. The last sale of Advanced Wireless Services spectrum (for mobile operators) saw AT&T, Verizon, and T-Mobile, among others raise $45bn. /posts/2025/book-notes-managers-path-fournier/ Thu, 09 Jan 2025 20:44:16 -0600 /posts/2025/book-notes-managers-path-fournier/ Intro This book was recommended to me by one of the most intentional managers I’ve ever had the pleasure of working with. Matt R. brought me in as a Senior Cybersecurity Engineer at Cradlepoint and oversaw my transition to Manager of that same engineering team. Throughout my time with Matt, he worked diligently to hold me to the tenets laid about by Ms. Fournier in this book and to encourage me to be a better leader for my team. /posts/2025/2025.01.07.news-you-should-know/ Tue, 07 Jan 2025 13:21:21 -0600 /posts/2025/2025.01.07.news-you-should-know/ Apple Apple offers $95M settlement in Siri privacy lawsuit • The Register - Something as simple as a zipper or an individual raising their arms would cause Siri to start recording. Lopez, et al v. Apple Inc will be settled for $95 million if the N. California District Court approves. Apple CEO Tim Cook had previously told Congress that Siri’s recording features required a “clear, unambiguous trigger”, i.e.; “Hey Siri” Siri-enabled Apple users from 2011-to an unknown date will likely be eligible diluting individual payouts. /posts/2024/2024.12.31.news-you-should-know/ Tue, 31 Dec 2024 12:30:04 -0600 /posts/2024/2024.12.31.news-you-should-know/ One Offs Microsoft flags Windows 11 24H2 install media issue • The Register - If you used a USB stick with October or November’s updates installed, your system won’t accept any additional updates. Make sure to re-write your USB stick using December 24’s Critical Apache Struts bug under active exploit • The Register - Guess who’s back, back again. Apache Struts, in-famous for being the source of the Equifax breach in 2017, is back with CVE-2024-53677 a rehash of a vulnerability discovered in Dec 2023. /posts/2024/2024.11.12.news-you-should-know/ Tue, 12 Nov 2024 12:17:02 -0600 /posts/2024/2024.11.12.news-you-should-know/ GeoPolitics China’s Volt Typhoon breached Singtel, reports say • The Register - Volt Typhoon reportedly breached Singapore Telecom over the summer. Highlighting why Cyber Threat Intelligence can at times be beneficial for more advanced orgs. N Korea may receive tech in exchange for military support • The Register - DPRK has provided around 10,000 troops to Putin’s war in Ukraine. After DPRK successfully conducted a 90 minute missile flight the US and its allies are starting to wonder exactly what Pyongyang got in exchange for those troops. /posts/2024/capacity/ Tue, 29 Oct 2024 14:58:39 -0500 /posts/2024/capacity/ No one likes the sappy I’m such a good manager look at me manage with my great insights post. But every now and then I learn something and I think other people who are moving from a technical resource to a leader may gain insight or value from it. So I share here. Civilian corporate leadership has been a whole different bag than military leadership. In the Army, most of my unit was planned out months or even years in advance. /posts/2024/2024.10.29.news-you-should-know/ Tue, 29 Oct 2024 12:29:51 -0500 /posts/2024/2024.10.29.news-you-should-know/ Breaches ‘Satanic’ data thief hits 350M Hot Topic shoppers • The Register - HotTopic, Torrid, and Lunchbox shoppers (around 350m) of them have had a few bits of info stolen; names, emails, physical addresses, dates of birth, last four digits of customers’ credit cards, card types, hashed expiration dates, and account holder names. Likely just watch out for My Neighbor Totoro-themed phishes and you’ll be ok. Skyscraper-high sewage plume erupts in Moscow • The Register - A Ukranian hacker group claims to have disrupted 87k alarms, destroyed 70 servers, and wiped 90TBs of data to pull off the hack. /posts/2024/2024.10.22.news-you-should-know/ Tue, 22 Oct 2024 12:25:46 -0500 /posts/2024/2024.10.22.news-you-should-know/ Politics World Iran U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign Iranian hackers act as brokers selling critical infrastructure access - US and Allies are warning that Iran has ran a year long campaign to break into water, waste-water, electrical plants, government, healthcare, and telecom systems to serve as an Initial Access Broker, selling credentials to other nations, threat actors, etc… These IAB’s aren’t damaging the networks, simply staging an maintaining a presence on the network until it can be sold or made useful. /posts/2024/rss/ Thu, 17 Oct 2024 22:50:14 -0500 /posts/2024/rss/ What Is RSS? RSS or Really Simple Syndication is a protocol left over from the early days of the second internet. Adopted widely in the early 2000s, RSS became a privacy conscious way for users to get updated information from disparate news sources, blogs, content creators, and the like without having to visit individual sites. An interested reader could simply drop an RSS link into an aggregator and curate an “OPML” file of interesting blogs, video content creators, news channels, and other interesting content. /posts/2024/yogurt_chicken_and_childlabor/ Wed, 16 Oct 2024 23:54:11 -0500 /posts/2024/yogurt_chicken_and_childlabor/ This post began as a diatribe by myself to an invisible audience in my travel journal. My infant daughter (Nibble,1f) is on vacation with us and has been eating copious amounts of Greek Yogurt to help combat the diarrhea caused by an antibiotic, cefdinir. In my musings, I wandered what it would have been like to travel with an infant suffering an ear infection with little to soothe her than the ineffective and near-witchcraft style medicine available prior to the age of antibiotics. /posts/2024/2024.10.08.news-you-should-know/ Tue, 08 Oct 2024 13:18:49 -0500 /posts/2024/2024.10.08.news-you-should-know/ Mobile News Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (thehackernews.com) - Google will now allow their Pixel phones to be configured to ignore 2G downgrade attacks caused by Stingrays (cell-site simulators) and other devices that emulate a cellular baseband (tower) controlled by their service provider. This will prevent attacks like those performed by Intellexa and Predator using the Triton malware. This will also prevent SMS Blasting which bypass carrier spam protections. /resume/resume/ Thu, 19 Sep 2024 00:06:11 -0500 /resume/resume/ Dynamic Cybersecurity and Communications professional seeking an opportunity to expand current skill set while educating peers and business partners on Defense-in-Depth and fostering a Security-first culture. Relevant Experience Manager - Security Solutions, Cradlepoint Inc (September 2022 – Current) Led a team of cybersecurity engineers in designing, implementing, and maintaining security solutions in accordance with best practices and regulatory requirements Developed and executed strategic initiatives to enhance the organization’s cybersecurity posture, including risk assessments, threat modeling, and vulnerability management. /posts/2024/2024.09.10.news-you-should-know/ Tue, 10 Sep 2024 11:39:00 +0000 /posts/2024/2024.09.10.news-you-should-know/ Privacy News Data watchdog fines Clearview AI $33M • The Register - Clearview scrapes photos from all over the internet, adds them to its database, then sells the data to advertisers and governments, some who use it without appropriate legal permissions (think 4th amendment/warrantless surveillance issues) Election News Spamouflage trolls pretend to be American patriots on X • The Register - #China - People’s Republic of China propaganda crew ramps up X and TikTok work claiming to be American citizens and “frustrated Conservatives”. /posts/2024/2024-09-08/ Sun, 08 Sep 2024 00:41:10 -0500 /posts/2024/2024-09-08/ The Concept Recently I read a great article called Try to Fix It One Level Deeper by Alex Kladov, in which he discusses a unique (to me) approach to squashing software bugs. Instead of just fixing the bug at hand, Alex encourages the reader, and his team to dig one level deeper. Really determine why the bug exists at all. Is this parameter really being mishandled? Or should we even be asking for this parameter? /posts/2024/2024.08.27.news-you-should-know/ Tue, 27 Aug 2024 10:10:00 +0000 /posts/2024/2024.08.27.news-you-should-know/ Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide (thehackernews.com) - Hardware backdoor means even with appropriate controls, threat actors can still attack hotel and office doors around the globe. The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes. Russia fears Ukraine hijacking home CCTV systems for intel • The Register - This is genius, the Russians have asked users in the Bryansk, Kursk, and Belgorod regions to shut off dating apps and IP cameras that Ukranians are using for intelligence gathering. /posts/2024/2024.08.20.news-you-should-know/ Tue, 20 Aug 2024 10:12:00 +0000 /posts/2024/2024.08.20.news-you-should-know/ CISA warns of Jenkins RCE bug exploited in ransomware attacks (bleepingcomputer.com) - Jenkins vulnerabilities from January being used by threat actors for Remote Code Execution. Patches should be applied in every environment. Exploitation of this vuln and proof of concepts hit the web less than 48hrs after the issue was identified. GitHub Actions artifacts found leaking auth tokens in popular projects (bleepingcomputer.com) - GitHub breaks the principle of least astonishment/surprise by including tokens, api keys, other key material in artifacts download. /posts/2024/alerting/ Thu, 06 Jun 2024 14:22:27 -0500 /posts/2024/alerting/ So You Want To Build A SOC Or How To Lose Your Mind In 10 Weeks A number of companies I’ve worked for have security tools in place, but they’re almost always half-configured, half-utilized, and no one has a good idea what’s missing or what should be there. Luckily, there’s a solution, or at least a tool that can help us move towards a solution. The MITRE ATT&CK Framework Enter the MITRE ATT&CK Framework. /posts/2024/2024-06-05/ Wed, 05 Jun 2024 23:47:36 -0500 /posts/2024/2024-06-05/ Troubleshooting A Quick Primer The Back Story A friend called and requested some assistance with her electrical. She had moved into a new (to her) house recently and she feared the electrical had gotten the landlord/flipper special. Spoiler turns out she was right, at least to a point. And now one of the circuits in the kitchen was no longer working. I don’t know if you’ve ever tried to cook in the dark but its not a pleasant experience. /posts/2024/thoughts-for-a-new-leader/ Fri, 10 May 2024 13:13:00 +0000 /posts/2024/thoughts-for-a-new-leader/ What follows is a list of thoughts crafted in an airport terminal in San Jose, California hours after completing my first attendance at the RSA Conference. This also happens to be the anniversary of my first year as a people leader in the security engineering space. (I had previously mentored and led soldiers in the US Army and in various other civilian industries including Optical Lens Manufacturing and Operational Incident Response. /posts/2024/rsa-day-3/ Thu, 09 May 2024 00:56:00 +0000 /posts/2024/rsa-day-3/ (Posting this a day late as I was crazy exhausted yesterday after walking nearly ten miles! I literally laid down in the room at 22:30 and woke up at 04:30 still in my clothes, lights on, etc…. I think I was effectively conferenced out, and that was only Day 3!) Great tracks today and some exciting notes. Plus I got to hit the Expo floor. Here’s the talks I made it to: /posts/2024/rsa-day-2/ Mon, 06 May 2024 23:57:00 +0000 /posts/2024/rsa-day-2/ Today was a great opportunity to see what RSA was all about. We walked over early to get badges and get checked in. The conference provided us with a decent swag pack, an RSA branded bag, water bottle (something I hadn’t been able to find at any of the airports along the way), a notebook, a pen, a shirt, and for newbies, a “First Timer” pin. We stepped to grab breakfast and then hit up the talk track, I had stupidly “favorited” all my talks instead of “reserving” them so I had some quick choices to make. /posts/2024/rsa-day-1/ Sun, 05 May 2024 23:42:00 +0000 /posts/2024/rsa-day-1/ Today was a travel day to RSA 2024. It started off simple enough, boarding at my municipal airport, then a puddle jumper to the nearest metro-airport, Atlanta. Luckily, as if there wasn’t enough anxiety around Boeing aircraft, our initial plan was inoperable and a secondary plane had to be found delaying our flight. Considering Boeing’s in the business of killing whistleblowers this week, and they make roughly 90% in Delta’s fleet (Atlanta is Delta’s home turf) it didn’t look like I was going to make it west on a non-Boeing flight. /about/about/ Thu, 02 May 2024 01:01:30 -0500 /about/about/ Technologist, Father, Christian Justin McAfee is a multifaceted professional with diverse backgrounds in cybersecurity engineering, privacy advocacy, ministry, and the military. Born and raised in the foothills of Tennessee, Justin has always been passionate about hard work and providing for his family. Alongside raising goats, chickens, and pigs on their farm, Justin and his wife Hailey have three wonderful daughters who are at the center of their lives. Justin’s military career began as a United States Army Reserve Soldier, Paratrooper, and Psychological Operations Specialist. /posts/2024/2024-05-02/ Thu, 02 May 2024 00:59:01 -0500 /posts/2024/2024-05-02/ Hello World Welcome to my little slice of internet freedom. I hope to start moving a number of my writings here and making this a comfortable place for musings, software configuration guides, security issues and the like. After all the fight I had to get Hugo, Alpine, Proxmox, Nginx, and LetsEncrypt configure, this better be worth the trouble. Then again, is anything ever really? If anything I learned a hundred ways to not do things and thats got to be worth something. /posts/2023/email/ Fri, 22 Dec 2023 18:22:00 +0000 /posts/2023/email/ 300 Emails? It was 24 hours! I would have never thought as a front line manager of a small team that I could receive as much email as I do. It’s so overwhelming, I’ve taken to putting my Out of Office as “Due to the volume of email, I will be deleting all email received in my absence. Please hold important correspondence til my return on 3 January 2024”! So, how do we communicate to our peers and leaders if they’re also receiving this much email, or multitudes more? /posts/2023/velociraptor-offline-collector/ Fri, 01 Dec 2023 07:37:00 +0000 /posts/2023/velociraptor-offline-collector/ This is a living document and may be incomplete. Updated 1DEC2023 Locating Evidences of Execution using Prefetch, Velociraptor, and Zimmerman’s PECmd Prefetch is a common Windows artifact used for determining the first and last incidences of a program being executed. This file is a binary blob stored at $:\Windows\Prefetch and consists of a series of files named APPLICATION-GUID.pf. These files contain the name of the executable, the last n run date time groups a hash of the executable and path, and a list of files accessed by the . /posts/2023/show-and-tell/ Sun, 12 Nov 2023 15:13:00 +0000 /posts/2023/show-and-tell/ Once a week, our security team gathers everyone into a meeting and shares the last week’s worth of security related news and any new security initiatives. This one hour may be the most valuable meeting we attend and has the greatest impact on successful security outcomes. What is it? We call ours a Security Show & Tell. (You can call it whatever fun and exciting name fits your corporate culture.) Regardless of the name, the goal is to set aside an hour each week to share three kinds of security stories and our response to them. /posts/2023/2023.10.17.news-you-should-know/ Tue, 17 Oct 2023 08:40:00 +0000 /posts/2023/2023.10.17.news-you-should-know/ CDW investigating ransomware gang claims of data theft (therecord.media) - #Ransomware #ThreatActor - CDW acknowledges breach of a subsidiary of a division of a business area. Threat actors miffed over $1m offer after $80m demand. HTTP/2 ‘Rapid Reset’ zero-day exploited in biggest DDoS yet • The Register - #Research #ThreatActor - Largest ever DDoS…from smallest ever botnet? 20k bots (multitudes smaller than previous botnets) were able to abuse HTTP/2 streaming to request hundreds of assets from a server over a single TCP stream (a feature of HTTP/2) then cancel those request midstream and request a hundred assets again. /posts/2023/libwebp-cve-2023-4863/ Thu, 28 Sep 2023 17:17:00 +0000 /posts/2023/libwebp-cve-2023-4863/ Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE 2023-4863 in the LibWebP library. This library has a heap buffer overflow available across all operating systems, most browsers, an exceptional number of Electron framework applications. This CVE is rated a 10 after previously being rated 8.8. This was due to an original disclosure from Google stating that Chrome was the only effected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms. /posts/2023/2023.03.21.news-you-should-know/ Wed, 22 Mar 2023 14:40:00 +0000 /posts/2023/2023.03.21.news-you-should-know/ Silicon Valley Bank collapsed this month causing credit ratings of major banks to drop and another to fail. While a multitude of information about this is available we find it most interesting because threat actors are using the collapse as pretext for scam emails. These emails are sent to trusted third-party businesses asking for updates to the accounts payable or EFT details to threat actor controlled accounts. E.g.; “Our SVB account isn’t good anymore please use Threat Actor National Savings and Loan account 12345” /posts/2023/2023.02.28.news-you-should-know/ Tue, 28 Feb 2023 11:48:00 +0000 /posts/2023/2023.02.28.news-you-should-know/ Mobile World Congress will feature highlights of mobile networks being utilized in the Russo-Ukrainian conflict Discussions will be held around Ukraine and Russia’s use of civilian mobile network infrastructure, the dangers of geo-location data, and the largest roaming disablement in mobile networking history. NIST is accepting comments on the newest version of the Cyber Security Framework {PDF} This version will seek to expand the below capabilities and provide additional guidance: /posts/2023/malicious-onenote/ Tue, 24 Jan 2023 23:12:00 +0000 /posts/2023/malicious-onenote/ Anatomy of a Malicious Email Attachment With Microsoft’s recent changes to macros within the Office and M365 suite, Threat Actors have changed their TTPs to utilize the OneNote (.one) file type for Malicious Code Delivery TL;DR (.one) files are a binary blob capable of embedding any file type. Threat actors are utilizing the prolific nature of OneNote to execute malicious code on endpoints. Block (.one) files from incoming email and dissociate commonly abused file extensions. /posts/2023/2023.01.17.news-you-should-know/ Tue, 17 Jan 2023 11:37:00 +0000 /posts/2023/2023.01.17.news-you-should-know/ Microsoft is set to introduce significant changes to the Windows enterprise over the next year. With multiple security settings going from recommended to enforced. Highlights include the EOL for AD Connector 2.0.x, changes to MFA, and the end of standalone Office Apps for 2016/19. Caniphish’s Sebastian Salla published a review of thousands of misconfigured SPF records today allowing emails to be sent on behalf of foreign governments, the Massachusetts Institute of Technology, the University of Miami, among others. /posts/2023/2023.01.10.news-you-should-know/ Tue, 10 Jan 2023 12:46:00 +0000 /posts/2023/2023.01.10.news-you-should-know/ House omnibus spending bill brings three interesting cybersecurity measures. Section 7030 will require cybersecurity to be a key consideration in the adoption of technology and specifically 5g technologies for members of the Digital Connectivity and Cybersecurity Partnership. The “No TikTok on Government Devices Act” bans the use of the Chinese-owned ByteDance company’s TikTok social media platform on goverment owned devices with power being given to the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to dictate how application management is performed. /posts/2023/2023.03.01.news-you-should-know/ Tue, 03 Jan 2023 10:17:00 +0000 /posts/2023/2023.03.01.news-you-should-know/ Google Chrome 110, slated for release on Feb 7th will drop support for Windows 7 and Windows 8.1. This matches Microsoft’s end-of-life date for Windows 7 and 8.1 extended support. Raspberry Robin targets financial institutions in Europe, current victim profiles seem to show Threat Actors targeting Spanish and Portugeuse speaking institutions. The offensive framework recently underwent updates to provide polymorphic code, preventing hashes or signatures to have much effect against detection. /posts/2022/2022.20.12.news-you-should-know/ Tue, 20 Dec 2022 13:14:00 +0000 /posts/2022/2022.20.12.news-you-should-know/ Most of the Information Security community has fled Twitter in favor of a Mastodon instance Infosec.Exchange Mastodon is a federated replacement for Twitter and has balloned from 100k user to over 2.5m users since Musk’s takeover of the Twitter platform. As most vendors, businesses, consultants, and infosec personalities made the move to Mastodon, so has the public zeitgeist of up-to-date security news and disclosures. To keep tabs, you can check out the public feeds CTI and ThreatIntel (These tags do not require an account to view. /posts/2022/racism-fascism-and-other-human-problems-on-mastodon/ Sun, 27 Nov 2022 07:38:00 +0000 /posts/2022/racism-fascism-and-other-human-problems-on-mastodon/ I am continually fascinated by the amount of users from the Twitter Diaspora who are decrying the lack of robust fixes for socialogical issues within the Fediverse at large, but specifically within the Mastodon social media realm. It is not any surprise to those of us that have studied human behavior or history that bigots and other practicers of vile “-isms” are to be found on the fediverse as every where else. /posts/2022/mastodon-privacy-for-small-instances/ Sat, 26 Nov 2022 21:50:00 +0000 /posts/2022/mastodon-privacy-for-small-instances/ Mastodon, one of many social media platforms on the Fediverse, has attracted a lot of attention since the purchase of Twitter by Elon Musk. With some instances growing by tens of thousands of users in as little as a week, and new personal instances popping up everywhere, I thought I’d take a moment to look at some of the security and privacy features. As instances are usually ran by a tech savvy individual and service a small group of friends, family, and colleagues, it seems imperative that privacy be at the forefront, especially for marginalized groups. /posts/2022/impostor-syndrome/ Fri, 11 Nov 2022 09:55:00 +0000 /posts/2022/impostor-syndrome/ “Do you not know, my son, with how little wisdom the world is governed?” ― Axel Oxenstierna, Lord High Chancellor of Sweden to his son who feared holding his own as a peace delegate at the Peace of Westphalia I find that people in the Information Security field often believe that others are smarter than them, or more educated or experienced than them. But my experience has been the opposite. /posts/2022/host-identification-through-wpad-web-proxy-auto-discovery-dns-queries/ Tue, 22 Feb 2022 19:56:00 +0000 /posts/2022/host-identification-through-wpad-web-proxy-auto-discovery-dns-queries/ DNS is by far my favorite passive way to identify required resources and to perform reconnaissaince against a host. DNS is one of the least secured protocols and runs as a fairly untrusted WPAD can be a great resource for identifying hosts home domains without a lot of DNS /posts/2021/hear-model/ Sat, 17 Jul 2021 21:47:00 +0000 /posts/2021/hear-model/ Photo by Oladimeji Ajegbile from Pexels This method of Bible study was handed down to me in 2008 at The University of Tennessee Chattanooga’s Baptist Collegiate Ministries (UTC-BCM). At the time Robbie Gallaty was leading Brainerd Baptist and had an intense focus on discipleship and relationship in the church family. His dedication to discipleship led to a resurgence of strong Godly men and families leading small groups in the community. /posts/2021/endlessh-by-chris-wellens-githubskeeto/ Fri, 29 Jan 2021 21:30:00 +0000 /posts/2021/endlessh-by-chris-wellens-githubskeeto/ “Los Angeles CA ~ La Brea Tar Pits” by Onasill ~ Bill Badzo - - 70M Views is licensed under CC BY-NC-ND 2.0 I recently completed the SANS SEC503: Network Intrusion Detection course and while there is more than enough information to melt your brain, I picked up a few tricks I’d never seen before. I’d like to share one of the quickest and most practical here. EndleSSH by Chris Wellens is a tarpit for would be SSH brute force attackers. /posts/2018/the-eisenhower-matrix/ Fri, 07 Dec 2018 11:11:00 +0000 /posts/2018/the-eisenhower-matrix/ The Eisenhower Matrix was formalized and popularized by Business Thinker Stephen Covey in his book “7 Habits of Highly Effective People” based on a quote and life advice from President Dwight D. Eisenhower. Eisenhower, a General famous for his mastery of Operation Torch, the invasion of Northern Africa during World War II and later the approving authority for NASA, understood the importance of prioritization at every level. From commanding troops on the battlefield, to beating the Soviets in space, Eisenhower understood the long and short game and used it to become one of the most successful Presidents in America’s history. /posts/2018/the-productive-mans-guide-to-journaling/ Fri, 07 Dec 2018 11:06:00 +0000 /posts/2018/the-productive-mans-guide-to-journaling/ Who Am I and Why Should You Care? I am a specialist in process analysis and design with a background in automation. After serving six years in a Special Operations military occupational specialty, I brought my skills to the private sector. Since then I have specialized in helping small businesses and charitable organizations with process definition, documentation, and engineering. This skill has helped insure that my clients are able to prioritize and focus costs on what matters most while saving time and money. /posts/2018/food-list/ Tue, 09 Oct 2018 08:54:00 +0000 /posts/2018/food-list/ Originally published in 2016, here is a list of the things I keep in my home pantry. Note, we have re-acquired chickens and now hold around 125-150 birds at any given time. I keep 12-15 cans of the following in my pantry at all times and rotate the oldest forward. Throughout the week we make a list on the fridge of any cans we use. Weekly my wife and I go to the store and replace what ever we’ve taken out of the stores. /posts/2018/psychologist-programs/ Wed, 22 Aug 2018 12:56:00 +0000 /posts/2018/psychologist-programs/ /posts/2018/a-moment-between-shoulder-blades/ Wed, 22 Aug 2018 07:28:00 +0000 /posts/2018/a-moment-between-shoulder-blades/ At the end of every summer I come to a place where I don’t want to be The years move by faster the summers move quicker than they ever have before and the time we had slips quicklythrough our hands But every once and a while you find a second and you grab that time and you hold onto it for all its worth Because those few moments are like gold /posts/2018/rules-for-it-professionals/ Thu, 07 Jun 2018 10:27:00 +0000 /posts/2018/rules-for-it-professionals/ 0: Everyone Lies, users especially so. 1: Check the simple things before you move on to the hard stuff. ALL of the simple things. 2: Question all assumptions. 3: Don’t give up easily. 4: When all else fails, see #1. I’ll add more as they become available. /posts/2018/micro-sports-betting/ Tue, 15 May 2018 06:21:00 +0000 /posts/2018/micro-sports-betting/ As Old Betting Laws Fall, New Technology May Prevail Bottom of the eighth, bases are loaded, scores tied with two outs. The batter steps to the plate as the pitcher and catcher sign quickly to each other. The crowd, already on edge, stares intently at their phones. Panicked tapping ensues as bets are placed. Two to one strike. Five to one bunt. Three to one foul ball. As the batter winds up for the pitch, screens freeze; betting is now locked. /posts/2018/orwell-comes-knocking/ Sat, 12 May 2018 07:15:00 +0000 /posts/2018/orwell-comes-knocking/ As America continues its free-wheeling descent into the hell that is a Police state, efforts ramp up to protect the common man. Department of Homeland Security officials have requested bids for a Media Monitoring Service that would have the ability to scan more than 290.000 news sources in and outside the US, and store journalists, editors, correspondents, social media influencers, and bloggers in a database that must be searchable for “content” and “sentiment”. /posts/2018/why-im-leaving-facebook-and-you-should-too/ Tue, 27 Mar 2018 10:43:00 +0000 /posts/2018/why-im-leaving-facebook-and-you-should-too/ Why I’m Leaving Facebook and You Should Too. After years of abusive privacy invasions by the social media giant, the recent leak regarding Cambridge Analytica is causing a hemorrhage of users and advertiser dollars. Earlier this month, Facebook acknoweldged that data from over 50,000,000 users had been illicitly obtained by data mining and political consulting firm, Cambridge Analytica. The data, while legally obtained by the social media site, Facebook, had been taken from friends of friends who did not consent to the collection by Cambridge Analytica. /posts/2018/statement-regarding-intel-bug/ Wed, 03 Jan 2018 07:06:00 +0000 /posts/2018/statement-regarding-intel-bug/ I am at a loss for words. As the reality of the Intel bug settles in, the tech community has been shaken. For years we have falsely assumed the security of virtualization technologies. The convenience and ease of ‘spinning up’ and ‘blowing away’ vms (virtual machines) in server farms has become standard practice across the globe. Even McAfee Media Solutions utilizes virtualization to manage our web and vpn servers; helping us reduce costs and insure greater up times. /posts/2018/undersecretary-of-state-goldstein-recommends-vpns-to-iranians-amidst-fbi-criminalization-of-anonymity-tools./ Tue, 02 Jan 2018 11:29:00 +0000 /posts/2018/undersecretary-of-state-goldstein-recommends-vpns-to-iranians-amidst-fbi-criminalization-of-anonymity-tools./ As bloody protests continue in the Islamic Republic of Iran, Iranian officials have blocked internet access to Facebook, Instagram, and other social media websites. Amid the protests, the US Undersecretary of State Steven Goldstein has voiced concern over the behavior of Iranian officials and encouraged Iran to stop limiting external access to the countries users. “They are legitimate avenues for communication,” Goldstein said. “People in Iran should be able to access those sites. /posts/2025/2025.04.29.news-you-should-know/ Mon, 01 Jan 0001 00:00:00 +0000 /posts/2025/2025.04.29.news-you-should-know/ Ripple NPM supply chain attack hunts for private keys • The Register - Threat actors were able to publish 5 new versions of the official Ripple NPM package, all with malicious code to steal keys. Ripple holders should consider rotating keys if they’ve made use of any of the packages. Effected are NPM hosted packages for 4.2.1-4 and 2.14.2. UN says scam call center epidemic is expanding globally • The Register - SE Asian OCGs (Organized Crime Groups) are feeling the heat in the South Pacific and moving abroad.