Interrogating Bias in Incident Response

6 minute read Published: 2022-11-03

It's Friday afternoon. It always happens on Friday afternoon. You're ready to be done for the week, having closed out a pesky ticket that took far too long. Just as you're about to lock the screen and punch out for the day, you watch the email arrive—almost in slow motion—with that dreadful tagline:

URGENT: Account Compromised

Goodbye to your Friday evening. You don't get to sit down and watch the game. You don't get to enjoy a nice dinner with the fam. Because you, through a series of questionable life choices, have made your way to the role of Lead Incident Responder. The clock is ticking, and all eyes are on you.

And you know you have at least 2 adversaries: the criminal trying to cause your organization harm, and your own flawed, bias-prone brain.

Quasar: Compromising Electron Apps

7 minute read Published: 2022-09-06

This is the story of how I used Microsoft Teams's own design against itself.

We all kinda know that Electron apps are dangerous—at least to our RAM, am I right??

But seriously, these cross-platform apps, because of how they get installed, present a tasty spot for attackers to take up residence and even inject malicious code into trusted applications, with the poor user being none the wiser.

Here's how it works.

Chrome Extensions for Post Exploitation

9 minute read Published: 2022-07-18

POV: You're performing a pentest/red team engagement against a fairly hardened environment. You have, through creativity and perseverance, landed an implant on a workstation. Your session has low privileges, but the user may have local admin or associated higher-priv accounts. You're trying to remain stealthy, and normal lateral movement techniques might get detected. You need creds, but how to get them when everyone's watching you?

Answer: use SSO against itself by listening in on the browser.

The Federated Future

7 minute read Published: 2022-05-03

Look, it's not original thinking to be concerned about the future of social media with a megalomaniacal billionaire threatening to impose regressive policies. Enough ink has already been spilled on what might or might not happen with Twitter as the new owner molds it in his image. The debate rages on about whether Twitter is a town square, whether it ought to be, or whether something that functions as a public service should in fact be driven by profit. But that debate misses the fact that some folks have already created a truly free alternative. It didn't require government intervention. As always in the open source software world, it simply took the conviction, creativity, and hard work of a community.

Or in this case, a federation of communities. This last week, I dove back into the Fediverse by way of Mastodon. Mastodon is a free and open alternative to Twitter—or "the birdsite," as users of Mastodon call it. What I've found has not just made me want to stay, but made me question my assumptions about social media in general.

Let's explore how your entry into the Fediverse might proceed.

On Learning and Fear

5 minute read Published: 2021-12-23

During a recent talk I gave on self-teaching in tech, I shared my 4 "Maxims" for teaching and learning. These were the distillation of a career in education. Of the four, the most important was this: You can't learn if you don't feel safe.

But some folks disagreed vehemently.