YABOTSB - Yet Another Blog on the Sony Breach?

The Internet lit up last week over the (very public) hack of Sony Pictures. There has been no shortage of commentary on the hack, from wild accusations involving evil-nation-states, to 0-day malware more complex than STUXNET.

We believe that in all this noise, it's easy to lose sight of some important lessons, and so tonight we kicked out a ThinkstScapes Ad Hoc update on it.

This Ad Hoc issue is being made available free here:

If you aren't a ThinkstScapes subscriber and want to be, let us know. We offer educational discounts and will be happy to oblige.
We (almost) always treasure feedback. Drop us a note at info@thinkst.com if you have any.


  1. very good report
    appreciate that

  2. Pen tests should be like Easter egg hunts. Plant things in your network and challenge the pen tester to find them. Trouble is the customer of the pen test always hopes they pass the test, so they drive things that way. Pen testers want repeat business so they are reluctant to totally own the customer's network. I see pen tests that are nothing but dressed up Qualys scans. Qualys scans are very valuable and important, but they are not pen tests.