2023.01.17.News You Should Know

January 17, 2023 - 2 mins read

Microsoft is set to introduce significant changes to the Windows enterprise over the next year. With multiple security settings going from recommended to enforced. Highlights include the EOL for AD Connector 2.0.x, changes to MFA, and the end of standalone Office Apps for 2016/19. Caniphish’s Sebastian Salla published a review of thousands of misconfigured SPF records today allowing emails to be sent on behalf of foreign governments, the Massachusetts Institute of Technology, the University of Miami, among others.

2023.01.10.News You Should Know

January 10, 2023 - 3 mins read

House omnibus spending bill brings three interesting cybersecurity measures. Section 7030 will require cybersecurity to be a key consideration in the adoption of technology and specifically 5g technologies for members of the Digital Connectivity and Cybersecurity Partnership. The “No TikTok on Government Devices Act” bans the use of the Chinese-owned ByteDance company’s TikTok social media platform on goverment owned devices with power being given to the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to dictate how application management is performed.

2023.03.01.News You Should Know

January 3, 2023 - 3 mins read

Google Chrome 110, slated for release on Feb 7th will drop support for Windows 7 and Windows 8.1. This matches Microsoft’s end-of-life date for Windows 7 and 8.1 extended support. Raspberry Robin targets financial institutions in Europe, current victim profiles seem to show Threat Actors targeting Spanish and Portugeuse speaking institutions. The offensive framework recently underwent updates to provide polymorphic code, preventing hashes or signatures to have much effect against detection.

2022.20.12.News You Should Know

December 20, 2022 - 2 mins read

Most of the Information Security community has fled Twitter in favor of a Mastodon instance Infosec.Exchange Mastodon is a federated replacement for Twitter and has balloned from 100k user to over 2.5m users since Musk’s takeover of the Twitter platform. As most vendors, businesses, consultants, and infosec personalities made the move to Mastodon, so has the public zeitgeist of up-to-date security news and disclosures. To keep tabs, you can check out the public feeds CTI and ThreatIntel (These tags do not require an account to view.

Racism, Fascism, and other Human Problems on Mastodon

November 27, 2022 - 2 mins read

I am continually fascinated by the amount of users from the Twitter Diaspora who are decrying the lack of robust fixes for socialogical issues within the Fediverse at large, but specifically within the Mastodon social media realm. It is not any surprise to those of us that have studied human behavior or history that bigots and other practicers of vile “-isms” are to be found on the fediverse as every where else.

Mastodon Privacy for Small Instances

November 26, 2022 - 3 mins read

Mastodon, one of many social media platforms on the Fediverse, has attracted a lot of attention since the purchase of Twitter by Elon Musk. With some instances growing by tens of thousands of users in as little as a week, and new personal instances popping up everywhere, I thought I’d take a moment to look at some of the security and privacy features. As instances are usually ran by a tech savvy individual and service a small group of friends, family, and colleagues, it seems imperative that privacy be at the forefront, especially for marginalized groups.

Impostor Syndrome

November 11, 2022 - 2 mins read

“Do you not know, my son, with how little wisdom the world is governed?” ― Axel Oxenstierna, Lord High Chancellor of Sweden to his son who feared holding his own as a peace delegate at the Peace of Westphalia I find that people in the Information Security field often believe that others are smarter than them, or more educated or experienced than them. But my experience has been the opposite.

HEAR Model

July 17, 2021 - 6 mins read

Photo by Oladimeji Ajegbile from Pexels This method of Bible study was handed down to me in 2008 at The University of Tennessee Chattanooga’s Baptist Collegiate Ministries (UTC-BCM). At the time Robbie Gallaty was leading Brainerd Baptist and had an intense focus on discipleship and relationship in the church family. His dedication to discipleship led to a resurgence of strong Godly men and families leading small groups in the community.

EndleSSH by Chris Wellens (github:skeeto)

January 29, 2021 - 2 mins read

“Los Angeles CA ~ La Brea Tar Pits” by Onasill ~ Bill Badzo - - 70M Views is licensed under CC BY-NC-ND 2.0 I recently completed the SANS SEC503: Network Intrusion Detection course and while there is more than enough information to melt your brain, I picked up a few tricks I’d never seen before. I’d like to share one of the quickest and most practical here. EndleSSH by Chris Wellens is a tarpit for would be SSH brute force attackers.

The Eisenhower Matrix

December 7, 2018 - 6 mins read

The Eisenhower Matrix was formalized and popularized by Business Thinker Stephen Covey in his book “7 Habits of Highly Effective People” based on a quote and life advice from President Dwight D. Eisenhower. Eisenhower, a General famous for his mastery of Operation Torch, the invasion of Northern Africa during World War II and later the approving authority for NASA, understood the importance of prioritization at every level. From commanding troops on the battlefield, to beating the Soviets in space, Eisenhower understood the long and short game and used it to become one of the most successful Presidents in America’s history.