All Security Posts

Hackathons vs. CTFs

One piece of advice I give to people looking to transition from computer science homework assignments to meaningful proficiency in cybersecurity is to seek out hackathons and Capture-the-Flag (CTF) competitions. The amount of information on these events can seem overwhelming, and it can be difficult for someone starting out to know which events are worthwhile and how best to make use of the opportunities. After attending a number of these competitions myself, I wanted to share some of the advice I wish someone had given me.


5 Security Concerns When Using Static Site Generators

Static == Secure, Right?

If you’ve read my recent post extolling the virtues of static site generators for secure web development, you might think that deploying a static site makes you more or less invulnerable to cyber adversaries. Although it’s true that going static dramatically reduces your vulnerability profile, it doesn’t quite eliminate it. This post considers five possible attack vectors against websites built with static generators (e.g. Jekyll, Hugo, etc.


Static Sites: The Ideal Security Blogging Platform

Juggling Priorities

It should come as no surprise that, when building this site, my first concern was security. This arose partially from the fact that I live and breathe cybersecurity and believe (not without cause) that the whole internet is out to get me. However, it’s also true that sites focused on cyber issues tend to present attractive targets to hackers attempting to prove their skills and gain some renown with people who might actually appreciate their accomplishments.


Pi Guard

Pi Guard was a hackathon project focused on filling the gap between consumer security options for personal computers and comparable offerings for embedded and Internet of Things products. The device hosts a simple web application which acts as a wrapper for a number of automated scans that run against the local IP range. The automated scans are designed to be modular and flexible so that multiple ‘plugins’ can be written for the platform, and the UI is oriented towards non-technical users.


Pi Spy

Pi Spy was an entry my hackathon team made with the goal of demonstrating a novel attack vector against unencrypted network traffic. The project revolved around a malicious NIC installation that included a Raspberry Pi running tcpdump and a passive network tap that intercepted all traffic from the desktop’s Ethernet port. By powering the Raspberry Pi off the Molex adapters from the PC’s PSU, we were able to ensure that the Pi ran continuously whenever the PC was turned on.
