On a professional pen testing engagement,why is one call or phish pretext selected over another? Why does it work (or not)? This case study describes how an SE pen testing engagement used a combination of exploits – phishing, vishing, and a spoofed site to successfully gain network credentials without even asking for them. Learn why … Read more
Below are my write-ups and notes for the papers I’ve been reading in the “Economics of Information Security” class I’m enrolled in. I’m guessing most of my readers won’t get much out of them unless they have read, or plan to read, the same papers. More to come as the class continues. Week 1 This … Read more
Ok, this article is in part me being snarky, but a friend said I should make fun of the situation. I figured I could also make an article for InfoSec educators out of it. At one point before I was forced to change majors (granted, for a better career), an instructor referred to me with … Read more
Research surrounding radicalization to and use of violence among extremist and terror groups has expanded over the last decade. These studies have improved our understanding of the potential process of radicalization and identified differences between lone wolf and group-based extremist threats. There are still fundamental questions that must be addressed, particularly regarding the role of … Read more