As a cybersecurity educator one of the core concepts that I try to relate to students is the ability to differentiate between qualitative and quantitative data. While to some it may seem a simple distiction between two forms of measurement; from my perspective as an educator it is not. While both forms of data are […]
Category: cybersecurity
What is Golden SAML?
The Golden SAML threat vector enables an attacker to create a forged SAML “authentication object,” and authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism. In a Golden SAML attack, the attacker can gain access to any application that supports SAML authentication with any privileges. This allows the attacker access to […]
Secure Networks Vidcast with Mike Morris from Endace
I had the fantastic opportunity to have a recorded video chat (a vidcast) with Mike Morris the Global Director of Business Development at Endace recently. Endace is in my mind the market leader when it comes to network packet capture solutions. They have really evolved network packet technology from its roots in open source TCPdump […]
Amazingly Great Read: Gates and Ladders
Before I was a programmer. Before I was a network expert. Before I was an educator. I was a car guy. Due to all these other things in my life I never got as deep into auto mechanics as others. Reading about and working on my cars has always been a great distraction from Internet […]
Examining PayPal Phishing Email Headers
Looking at the phishing email I received the other day telling me that my PayPal account had been suspended the next step in my investigation is to determine how it reached my inbox. There are many good resources available that describe manual email header analysis. To start out take a look at this article at […]