A New Year with New Security Challenges

Posted Friday, 02 February 2018

January 2018 was a very high-activity month for both Octopi and myself. Concern is growing around the building and use of cyber weapons and the potential harm they can do to innocents. It’s an issue I have been thinking about ever since the International Committee of the Red Cross reached out to me about possibly working for them in this area. Although I am still in a “process”, I thought it prudent to turn my “exam” answer into a mini-essay on the subject and supply the various citations needed to complete the work. Here it is on the Tripwire blog, with a huge thank you to Joe for fast-tracking it for publication: https://www.tripwire.com/state-of-security/featured/cyber-law-war/ . I’ve also had some luck in providing some industry commentary on the Tor Project, https://www.scmagazineuk.com/its-all-gravy-for-the-onion-router-as-tor-browser-beefs-up-security/article/739414/ and for CompTIA https://www.comptia.org/about-us/newsroom/blog/comptia-blog/2018/01/25/calm-common-sense-best-response-to-processor-chips-security-flaw-disclosure?utm_content=buffer9fb01&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer and once more for SC Magazine here: https://www.scmagazineuk.com/mobile-scada-application-landscape-less-secure-than-in-2015/article/736430/ . It’s so great to be asked what I think, because I think a lot.


I was not without an opportunity to kick off 2018 with a creative, if somewhat rant-y, response when asked by Anna from Heimdal Security on “Why Security can’t be Simple?” https://heimdalsecurity.com/blog/why-cant-cybersecurity-be-simpler/?utm_source=Heimdal+Security+Newsletter+List&utm_campaign=11358dbb5d-EMAIL_CAMPAIGN_2018_01_25&utm_medium=email&utm_term=0_31fbbb3dbf-11358dbb5d-195531785#iantrump . The complexity and challenge of running a business is increasing, and the skill set required to keep everything running is becoming increasingly diverse.


Perhaps the best and most fun was my presentation at BSides Leeds. Here is the full presentation: https://www.youtube.com/watch?v=9B7QiHDvo9Y&feature=youtu.be which was covered in this wonderful blog: https://appsecbloke.ghost.io/not-just-another-infosec-conference/ . Equally fun was a guest appearance on Eric Anthony’s “All Things MSP” video podcast, which featured some great banter on Spectre and Meltdown pre-show https://www.facebook.com/allthingsmsp/videos/388377611605495/ and the main show, where I got to talk about how much you can leverage from the Windows Event Log for Host Intrusion Detection (HIDS) capability: https://www.facebook.com/allthingsmsp/videos/387643568345566/ . You can download the featured white paper here: https://www.dropbox.com/s/8asuda9ac0elfjn/Octopi_Whitepaper_EN_091117.pdf?dl=0


If you are a follower of mine, you may have noted that I have a new job down in London – currently commuting from Edinburgh 3 days a week. It’s going to be an amazing, fun challenge to build out a Vulnerability and Threat Hunting Team for a large company that is in the online gambling industry. If you are looking for someone to take a peek into a piece of malware or a spear phishing link that made it through your layered defense, please check out our Octopi Identify Neutralize Kill (INK) and Black List Collective service on our new & fresh contact page here: http://www.octopitech.com/our-services/malware-and-analysis/


Keep patching & till next month then,


Phat Hobbit
