• March – April Events

    After a quiet start for the year (and keeping up with my promise to try and cut down on travel) we are fast approaching exciting times. March will have a couple of great events I’m really looking forward to, and April packs a really great conference and training. So, without further ado: DC9723 kicking off…

  • Cyber, Cyber, Cyber. What are we talking about anyway?

    A long drought (almost a month) in this blog is finally coming to an end after I had some great conversations with good friends at the cyber un-conference here in Israel. One of the obvious discussions is around the use of the term cyber (surprise). The general agreement is that the term has been violated…

  • Guest post: Why you need patch management

    Today we have another guest post from our friends at GFI – this time on patch management (which unfortunately is one of the reasons that so many pentests are so easy to succeed in…). Every organization uses several types of software such as operating systems, servers, clients and many other third-party applications. Every software…

  • Hackers, Credit Cards, and the Media

    In the past couple of weeks there has been an interesting “hacking” trend going on in Israel. It started from the publication of a few thousand credit card records (out of an alleged 400,000). Continued with the publication of “SCADA” systems with default credentials, and a handful of gov.il email addresses and passwords, and more…

  • Advanced Data Exfiltration – full paper

    This paper has been published in several security conferences during 2011, and is now being made fully available (as well as a PDF version for downloading). Abstract: Penetration testing and red-team exercises have been running for years using the same methodology and techniques. Nevertheless, modern attacks do not conform to what the industry has…