Directory spraying is a technique I use to enumerate files and directories while bug bounty hunting. The typical approach is to enumerate all the subdomains you can find and then start working on finding your targets. Part of this process includes discovery lists which could contain thousands of [...]
AntiCrysys has certified forensic analysts that work on a variety of cases ranging from intellectual property, incident response, and other malicious activity. We perform e-Discovery on systems that includes Android, iOS, Linux, Unix, Windows, Mac OSX, gaming consoles, IoT devices, and [...]
A risk appetite statement is important for CISO to align security with the business goals. The problem is many organizations don't have a risk appetite statement or know how to establish one. You can start the risk appetite creation process by starting with a financial statement. The financial [...]
The post breach lessons learned is an important part of recovering from a breach. The lessons learned phase is actually part of the PICERL model for incident response. We have seen a trend over the year of breached organizations skipping this step entirely. The incident response process has [...]
Tracking your wifi enabled Vehicle might not have been something you considered when you purchased that new car that came with a wifi hotspot. More and more cars are coming with this feature and I started to look closer at the possibilities of tracking a vehicle's movements based on the SSID and [...]
Ransomware is at the top of most organization's concerns when it comes to cybersecurity. It's not so much that there is a ransomware problem, it's that there is a basic information security controls problem. There are some basic things you can do to prevent a ransomware attack on your [...]
Casino ransomware attacks have been making the headlines lately. Our very own CEO, Catherine Sullivan, was recently interviewed by News 9 in Oklahoma City about the impact of ransomware on the average consumer. We have worked a number of related ransomware and other incidents with casinos and [...]
Security in the Cloud is a three part series about how to better protect your organization's digital assets in the cloud. This is a continuation from part two of the series. Cloud Defenses Scan for Unauthorized Connections across Trusted Network Boundaries. This means having the appropriate [...]
Digital forensics for law enforcement agencies is an initiative we started because be saw that many agencies are underfunded from a technology perspective. This results in dated equipment, lack of staff, and no budget for training. As part of this initiative we offer free workshops and [...]
Security in the Cloud is a three part series about how to better protect your organization's digital assets in the cloud. This is a continuation from part one of the series. Malware Defenses in the Cloud Malware defense is still an important consideration in cloud environments. Systems can [...]
Newsletter
