Tag: research

  • Debunking the “8200”, “81” and other #### ex-Israeli Army Intelligence myth

    I’m a known and pretty vocal advocate of self learning, self starting, and inquisitive entrepreneurial spirit. As such, I’ve witnessed over my years in the security industry, a lot of occasions where the halo or myth surrounding some so-called “elite” units in the Israeli Army Intelligence has blinded people. Such blindness comes from a very…

  • Intelligence on Ashiyane and the Iranian Cyber Army

    One of my favorite OSINT resources internet-haganah have opened up a new thread on their forums that are dedicated to Iran, called Ashiyane. This is basically the hacker forum that I was researching a couple of years ago (see my DefCon18 talk, and here, and here). The forum thread is here: http://forum.internet-haganah.com/showthread.php?440-Ashiyane And an interesting intelligence profile…

  • The curious case of Dropbox security

    After the disclosure of the host_id authentication issues that plagued the popular Dropbox service last week, a new issue came up with the fact that Dropbox can detect whether the files you are trying to upload to their cloud already exist there, and “save you the bandwidth” of uploading it if they already have a…

  • SCADA, control systems and security – not necessarily enemies

    Insights from the NISA International SCADA Security Forum conference (NISA stands for National Information Security Authority, which is a division of the Israeli Security Agency). We all know that SCADA has been considered a security nightmare for a long time. Admittedly, I only have a short experience with such systems and control systems in general…

  • Defense through Offense, and how APT fits there

    I’m guessing that having “APT” in anything that goes outside for public consumption these days is mandatory, but this post actually has a good reason to do so. If you look back just one post in the past, we were discussing the new initiative to define “Penetration Testing”. The post, and the proposed standard itself…