It’s not every day that you get a phone call at 2 AM asking for a breach response job. Let alone one that we would later discover originated from not just any insider threat — a rogue security professional insider threat. In this article I will walk you through what happened in this incident, the indicators of compromise (IOCs), the Tactics, Techniques, and Procedures (TTPs), and the strategies involved in detecting and responding to a rogue cyber insider.

The article will be a blend of technical details and strategic oversight guidance in tandem with our story. After the details…


Introduction

I’ve decided to take a moment to reflect on who and what were beneficial to me during my journey to become a cyber security professional. In this brief guide, I go over security expertise requirements, best practices, and recommendations for individuals looking to transition into security professionals. This is also a useful pocket guide for recruiters in selecting talented candidates and sniffing out less-than-credible or incompetent professionals diluting our field. We’re going to cover:

  • Briefly comparing backgrounds
  • Prerequisite knowledge
  • Understanding just how large the security profession is
  • Examining the security foundations, credentials, experience, and trends
  • Setting realistic salary expectations


During a typical penetration testing engagement, I’ve often run into issues trying basic encoding or encryption techniques, even with living off the land binaries (LOLBins), due to more aggressive endpoint security. Some customers are taking note of typical base64, RC4, and other commonly utilized encryption and/or obfuscation techniques for files written to disk as well as any modules loaded into memory.

This is where some creativity must come in to prevent your payload or exfiltration staging data from triggering an alert in security tools. In such instances, it’s common for these types of customers to have other technology departments…


In this tutorial we’ll be covering how to set up and deploy a small medical imaging client-server network using a combination of free and open source tools. In addition, we’ll troubleshoot some common interoperability issues between such systems, and provide recommendations for Health Information Technology (HIT) professionals.

At the end of this article you should be able to:

  • Have a fundamental understanding of a common medical imaging protocol and standard
  • Deploy two different client/server vendor software packages utilizing that standard
  • Troubleshoot basic network and configuration support requirements between the two vendors
  • Understand the security implications


Welcome to my guide on dynamic binary instrumentation (DBI). In this article, we’re going to learn about the evolution of general binary analysis methods and how to perform some common routines used by security researchers. DBI in itself is a powerful way to gain visibility into, modify the behavior of, and fuzz closed source binaries without having to re-compile or run the original code itself. In fact, there are use cases where engineers have optimized code performance by using instrumentation. If you’ve ever heard of “hot patching” or “function hooking”, that’s exactly what DBI does.

After reading this article, you should be able to:


This week I’ve had the pleasure of dealing with lots of wireless (WLAN) de-authentication attacks on my wireless APs (WAPs) with attempts to crack my WPA2 key. The reason I found it quite enjoyable was that it gave me an excuse to implement 802.1X WLAN security using my new toys. 802.1X authentication greatly increases your security posture over shared secrets when deployed correctly.

Specifically, I purchased Ubiquiti UDM-PRO and UAP-AC-PRO products to replace my toaster of a pfSense box and other WAPs. There’s certainly lots of room for privacy and security improvement in the products, but the simple…


In this article, we’re going to learn how to use COM objects and PowerShell in Windows to execute shell commands with a couple of techniques for evading some endpoint security. Specifically, what you should get out of this is:

  • Learn what COM objects are
  • Enumerate COM objects in Windows
  • Run COM objects through .NET-compatible wrappers to the Windows API
  • Create your own simple encryption and decryption routines for evasion

Disclaimer: Please do not utilize anything you learn in this article for unauthorized or illegal purposes.

What are COM Objects?

COM stands for Component Object Model, a Windows technology. It…


Welcome to Part 2 of our three-part series on our journey to the GIAC Security Expert (GSE) certification. If you’re looking for Part 1 or wish to learn more about how we set up Google Cloud Compute VPS and Colab Jupyter Notebooks, please use this link. In this guide we’re going to focus on a few tools and use cases that aren’t always used by defending analysts because they’re not used in penetration testing engagements.

In the GSE, you will be tested on GCIH foundations which include basic tool usage. You don’t have to master every single tool but you should…


I’ve decided to write a guide on my journey towards getting the GIAC Security Expert (GSE). This guide is focused on those who are also planning on obtaining their GSE and/or are in the middle of studying for the qualifier exam or the labs now.

Even if this does not apply to you, there are loads of high quality tips for command line and scripting considerations for your daily security administration.

This is a three-part series. Part 1 is about my prep for the qualifier exam and hands-on prep work for the labs, which includes:

  • Setting up free…


All over the web there are terms like “fake news”; the security-world equivalent is “false flags”. What are the Cyber Threat Intelligence (CTI) programs found in almost every Fortune 100 company doing about it today?

After all, there are tons of information sources in the form of paid and OSINT feeds out there that enrich and add value to any indicators cyber security defenders may see in their own networks. These community driven efforts, whether private or public, take a “best effort” approach to reporting adversarial characteristics. …

Dennis Chow

Security Practitioner | USAF Veteran *Opinions are my own
