#TripwireBookClub – The Ghidra Book
It’s been a little while since we last reviewed a book, but a lot of my team has been spending time with Ghidra this year. Craig Young taught a course on the subject, and I’ve used it with my students at Fanshawe College in their Malware Analysis course. Given our ... Read More
VERT Alert: SolarWinds Supply Chain Attack
Vulnerability Description The United States Cybersecurity & Infrastructure Security Agency (CISA) has advised that an advanced persistent threat (APT) actor was able to insert sophisticated malware into officially signed and released updates to the SolarWinds network management software [1]. The attacks have been ongoing since at least March 2020 and ... Read More
Lessons from Teaching Cybersecurity: Week 11
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after ... Read More
3 Mobile App Security Recommendations for National App Day
On December 11, 2017, Platinum Edge Media and its founder CJ Thompson created National App Day as a way to celebrate how apps have inspired us and changed our culture. The Registrar at National Day Calendar went on to proclaim National App Day to be observed annually. We can’t truly ... Read More
Lessons from Teaching Cybersecurity: Week 10
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after ... Read More
VERT Threat Alert: December 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th. In-The-Wild & Disclosed CVEs There are no In-The-Wild or Disclosed CVEs patched this month. CVE Breakdown by Tag While historical Microsoft Security Bulletin ... Read More
Lessons From Teaching Cybersecurity: Week 9
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after ... Read More
Lessons From Teaching Cybersecurity: Week 8
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after ... Read More
Lessons from Teaching Cybersecurity: Week 7
As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after ... Read More
Changes to Microsoft Security Bulletins
For those that have been in the industry for more a couple of years, you will remember when Microsoft retired the very powerful and well-documented security bulletins back in 2017. At the time, we felt that it was a severe reduction in the availability of information; Microsoft was suddenly communicating ... Read More
