Some Thoughts on Black Hat and DEFCON
After attending Black Hat and DEFCON this year, I noticed that there wasn’t an overarching theme, like the Cloud, APTs or Big Data that prior years have seemed to focus on. Given the recent disclosures about NSA surveillance programs, privacy was…
Read More
August 3, 2013
Connecting the Dots
This year I was fortunate enough to be able to attend the Black Hat 2013 conference in Las Vegas. The opening keynote by General Alexander set the mood for what I think will be a common trend throughout the rest…
Read More
August 1, 2013
Detecting Session Hijacking with LogRhythm’s Advanced Intelligence Engine
When a client authenticates with a Web application, a session is established. Usually a unique, pseudo-random session ID is generated and passed from the client to the Web application with each HTTP request that is made. This session ID might be…
Read More
March 20, 2013
Initial Thoughts on The Hartford Breach: Using Pattern Recognition to Identify Outbreaks
The recent compromise at The Hartford Insurance Company highlights the fact that AV software by itself isn’t always an adequate defense—even for malware that has been in the wild for quite some time. It was reported that a W32-Qakbot variant was…
Read More
April 13, 2011