Compliance in a Cloud Native World
Part 1: From Monster to Mascot How did a fairly straightforward endeavor – an IT audit – become that monster under the bed? Compliance projects all too often feel a …
Black Hat Preview: Uncommon Sense
Detecting Exploits with Novel Hardware Performance Counters and ML Magic The end of July usually comes with a bit more preparation involving updating your software, encrypting your devices, buying a …
Grubbing Secure Boot the Wrong Way: CVE-2020-10713
Today, researchers at Eclypsium disclosed a buffer overflow vulnerability in GRUB2, CVE-2020-10713, affectionately termed “Boothole.” It basically results in a total pwn of Secure Boot in systems using GRUB, which …
Grubbing Secure Boot the Wrong Way: CVE-2020-10713 View Now »
Security Considerations for Cloud Migration
Many companies have long resisted migrating to the cloud for security reasons. An evolving technology landscape can already make a well-planned cloud migration strategy seem like a complex task, but …
Black Lives Matter. Actions Speak Louder Than Words.
The most recent killings of Black people at the hands of police – Rayshard Brooks, George Floyd, Ahmaud Arbery, Breonna Taylor – are tragically only the most recent reminders of …
Black Lives Matter. Actions Speak Louder Than Words. View Now »
Can’t Contain Ourselves – Container Escapes
Register for “Linux & Containers: Brandon and Nick Hack Things Live.” Containers have revolutionized the way we do application development, but, as with most new technologies, their adoption in the …
High STEKs: On-path attacks in GnuTLS (CVE-2020-13777)
This month, Fiona Klute disclosed a vulnerability in GnuTLS, CVE-2020-13777. It can either enable on-path attackers for TLS 1.3, or facilitate passive decryption of traffic between servers running GnuTLS for …
High STEKs: On-path attacks in GnuTLS (CVE-2020-13777) View Now »
Maximizing Business Impact with Machine Learning
I recently had the great fortune of presenting a lunch & learn session to the Capsule8 team. In this presentation I discussed how to effectively leverage machine learning to build …
Security Delusions Part 3: Cheat Codes
Organizations are unearthing the potential of digital transformation, but security often remains a gatekeeper to this path of promised potential, largely due to its own delusions about what modern infrastructure …