Tag: technical

  • Local PayPal Phishing – and why we need a CERT

    This just came in the mail: (twice – at two different mailboxes – I must be a high value target for these guys) A classic phishing email, with the only exception that it seems highly targeted at the Israeli market! (yeah – I know, I sound a little excited, but this is the first one […]

  • Defining Penetration Testing

    I have been fortunate enough to be working with a group of peers from the security industry over the past few months (since November 2010) on finally creating a solid definition of what a penetration testing is. It has been a topic that has been abused, cannibalized, and lowered to a level where we (as in […]

  • the art of not thinking about elephants

    Approaching risk management should be done in the most holistic manner, this means that EVERY aspect of information flow should be taken into account. This article describes how a red-team test managed to exfiltrate data out of a closed/non-connected network using innovative thinking.

  • Stuxnet Analysis Report

    Stuxnet report officialy published by the CSFI-CWD

  • The Botnet Wars – industry Q&A

    I was approached recently by Bart P from Panda security in order to participate in an industry expert Q&A about the botnet wars (apparently he did his homework as he got quite the lineup to participate in this, guessed he can count me as a close miss :-)…). He managed to compile a great Q&A where […]