We :heart: Slack. The elderly in our team were IRC die hards, but Slack even won them over (if for no other reason, for their awesome iOS changelogs). Thanks to Slack integrations, its robust API and webhooks, we have data from all over filter into our Slack, from exception reporting to sales enquiries. If it’s something we need to know, we have it pushed through to Slack. At the same time, our Canary product (which prides itself on …
Blog Posts
As part of a talk at the ITWeb Security Summit last week, we discussed how to trigger email alerts when file signatures are validated with our Canarytokens project. Building on that alerting primitive, we can make signed executables that alert when run or signed Office documents that alert when opened. Canarytokens is our exploration of light-weight ways to detect when something bad has happened on the inside a network. (It’s not at all concerned with leaks in that dubious non-existing …
We have been talking a fair bit over the past few years on what we consider to be some of the big, hidden challenges of information security [1][2][3]. We figured it would be useful to highlight one of them in particular: focusing on the right things. As infosec creeps past its teenage years we’ve found ourselves with a number of accepted truths and best practices. These were well intentioned and may hold some value (to some orgs), but can often …
“Communication flow in the TDS 4.2 protocol” [msdn] Our recent PyConZA talk had several examples of why Python is often an easy choice of language for us to quickly try things out. One example came from looking at network traffic of a client authenticating with Microsoft SQL Server (in order to simulate the server later). By default, we can’t see what the authentication protocol looks like on the wire because the traffic is encrypted. This post is a brief account …
A few days ago, @jack (currently the CEO of both Square && Twitter) posted a pic of his iPhone. [original tweet] It struck me as slightly surprising that both Square & Twitter could be using Gmail. Both companies have a ton of talent who deeply understand message delivery and message queues. I wouldn’t be at all surprised if both companies have people working there who worked on Sendmail or Postfix. On some levels, twitter competes with Google.. (if Google Pay …
A Quick Overview of our Canary Product – Check it out at https://canary.tools …
This year we gave a talk at BlackHat titled: Bring back the Honeypots. You can grab a quickly annotated version of the slides from [here] As usual, we had waaaaaay more content than time (which should have been expected with about 142 slides and multiple demos) but we like to live dangerously.. The linked slides are annotated, so you should be able to gather the gist of our thoughts, but some of them (especially the demos) do require their own …
As the Snowden leaks continue to dribble out, it has become increasingly obvious that most nations planning for “cyber-war” have been merely sharpening knives for what looks like an almighty gunfight. We have to ask ourselves a few tough questions, the biggest of which just might be: “If the NSA was owning everything in sight (and by all accounts they have) then how is it that nobody ever spotted them?” The Snowden docs show us that high value targets have …
You can watch it in action here: The videos were made with our early prototypes. The release birds are much much prettier! We think its insane that organizations that spent millions of dollars on cyber security took months (or years) to realize that they were breached. We think Canary fixes this elegantly and manages to do this at a super reasonable price-point. We have spent ages adding features, stripping features and making it a pleasure …
We gave 2 talks at Troopers15 this year. Marco & Azhar talked about Sockpuppets and Censorship 2.0. And i gave a somewhat hand-wavy talk titled: “The hard thing about the hard things“ (Some pretty smart people seemed to like them, so its probably worth a quick watch) …