Security used to mean throwing up a massive, impenetrable wall around your entire network. You just assumed anybody already on the inside was a trusted ally. People called this setup the Castle and Moat model. To put it simply: if you were inside the castle walls, you were golden. You…
What is Social Engineering?
Picture two hackers. One is a genius who spends three relentless months hunting for a single zero-day exploit in your corporate firewall. The other is just a guy with a phone. He spends three minutes talking to your help desk while pretending his kid is crying…
The Ghost in the npm install
I was looking at my node_modules folder the other day when I realized we don't really "write" software anymore. We basically just assemble it.
When you run an npm install, you are not just downloading some code. You are…
In my last blog post, we got into the high-stakes world of Red Teams vs. Blue Teams. You’ve got the “ghosts” in the machine (the Red Team) trying to slip through the cracks, and the defenders (the Blue Team) watching every log like a hawk.
It sounds incredibly cool…
If you are new to the world of cybersecurity, you have probably heard people talking about "Red Teams" and "Blue Teams." When I first heard these terms, I honestly pictured a massive game of Halo or Team Fortress 2. And surprisingly, that mental image is not…