When teaching the OT Security 101 Workshop for Div0, one conundrum I had (and in general, for any introductory workshop) is how we can provide enough material for the faster peers amongst us, yet make sure the slower ones can catch up. We do this through the concept of the extra mile. This was first…
Category: Cybersecurity
Learning from CrowdStrike
On Friday evening, I caught up with a fellow cybersecurity professional over dinner. Luckily, neither of us had to deal with the meltdown CrowdStrike had caused. But this caused much grief and frenetic hours for our IT administrators around the globe, who had to manually perform workarounds to recover affected Windows servers and clients. Being…
I Was Told HTTP is Unsafe. But Maybe I am Using It After All?!
In April, it was reported that the eScan antivirus update mechanism was targeted by an APT group to distribute GuptiMiner malware. The malware itself is quite sophisticated, but what was baffling to me was the modality of said attack: delivery of the attack vector through HTTP. The “Lock” on the Browser If you had been…
What to Tell Your Friend if They Ask “Can Quantum Cryptography Hack Lava Lamps”? Basics to Cryptographic Algorithms
What do lava lamps have to do with Physics and cybersecurity? Besides the fact that they are all hot (pun intended), they are all related through Cloudflare. This post was inspired by a friend who asked me this: Recently, lava lamps have taken the Internet by storm through suggesting they were useful to improve the…
Cybersecurity Careers > Cracking Code
Recently, I was at the Singapore Airshow to showcase what my firm offers in terms of cybersecurity solutions contextualised to the aviation market. Being a trade show, I was privileged to have met many different partners and stakeholders who would otherwise communicate with us typically via teleconference calls. Being the first huge trade show I…
CISSP Review: What Does it Take to Pass It?
Being my first cybersecurity management certificate (the CISSP), taking this differs from most of my earlier cybersecurity certifications, which focused around various skills in offensive security (penetration testing, exploit development, etc.). To some extent, I had to take this with a different approach — one with a stronger foundation in conceptual knowledge, and to a…
A Fully Understandable Description (FUD) of PEN-300
*FUD also stands for “Fully UnDetectable”, which describes malware that evades the bulk of commercially used antivirus products. PEN-300 naturally continues where PEN-200 leaves off, for more advanced techniques. After all, OSCP skills alone will not beat modern mitigations; we must try harder. What Do I Really Need Before PEN-300? There has been a trend…
A Response to “What are IT Fundamentals” in Cybersecurity
I have decided to share a post written by Naomi, a CISO, on her views on whether a cybersecurity career requires IT fundamentals. She summarises her position as follows: You don’t NEED to know networking, computer hardware, operating systems, databases, or anything deeply technical to start in cybersecurity. All you need is a high level…
Legacy OSCE: It’s Not Just an Alphabet Soup
A few weeks after I signed up for Cracking the Perimeter (CTP), CTP was retired. Some infosec friends thought I got the short end of the stick, because the course content had not changed in a long while. That is half-true; newer exploit development techniques are now in the wild, and CTP only covers the…
Thoughts on Starting from Zero in Cybersecurity
Yesterday, I left my first job. Four years in an organisation is neither a long nor short time, but it was the organisation that made me who I currently am today. My journey into cybersecurity was different from most. I was not a 16-year-old whiz kid who conquered the OSCP. Neither was I a Computer…