In April, it was reported that the eScan antivirus update mechanism was targeted by an APT group to distribute GuptiMiner malware. The malware itself is quite sophisticated, but what was baffling to me was the modality of said attack: delivery of the attack vector through HTTP. The “Lock” on the Browser If you had been…
Category: End-User Security
A Fully Understandable Description (FUD) of PEN-300
*FUD also stands for “Fully UnDetectable”, which describes malware that evades the bulk of commercially used antivirus products. PEN-300 naturally continues where PEN-200 leaves off, for more advanced techniques. After all, OSCP skills alone will not beat modern mitigations; we must try harder. What Do I Really Need Before PEN-300? There has been a trend…
The “Irrational” Human?: Part 3
(Warning: A slightly long read. I have wanted to write about doctrine for the longest of times, but I decided to weave in some of my personal musings about other areas of cybersecurity as well, that are related to doctrine. The result is a long story.) Introduction: The Thought on Business A number of friends…
The “Irrational” Human?: Part 2
“Minimum 8 characters, minimum 1 upper case, 1 lower case, 1 number and 1 special character.” Sounds familiar? Yes, this is a fairly common password policy. Users found the shortest password that could meet these requirements, “P@ssw0rd” and used it so widely that one of the biggest data breaches in Singapore documented how the use…
The “Irrational” Human?: Part 1
Recently, I finished reading a book at the intersection of behavioural economics and psychology, and will be embarking on yet another book on behavioural economics. For someone who graduated from a hard science degree, I think this qualifies as “reading some fluff” to pass time. They make for interesting reads to suggest that humans are…
Cyber 101 with Bitcrafts!
Is cybersecurity only for technically gifted people? Well, not quite. With the advent of the digital world (think Smart Nation), there has been an increasing need for cyber literacy and awareness. Yet, there exists a gap between cyber professionals and laypeople in terms of cyber awareness and literacy. Hence, one short way of addressing…
A Distraction: Thinking About Cybersecurity 101
While preparing for a cybersecurity 101 community talk that I would give in the next month as part of a volunteer community outreach programme, I felt somewhat concerned about how far behind the layperson is in catching up with the digital world. I never expected to be doing cybersecurity half a decade ago. Then, I was an…