Blog Posts

YABOTSB – Yet Another Blog on the Sony Breach?

The Internet lit up last week over the (very public) hack of Sony Pictures. There has been no shortage of commentary on the hack, from wild accusations involving evil-nation-states, to 0-day malware more complex than STUXNET. We believe that in all this noise, it’s easy to lose sight of some important lessons, and so tonight, we kicked out a ThinkstScapes Ad Hoc update on it. This Ad Hoc issue is being made available free here: If you aren’t a ThinkstScapes subscriber, and

Weapons of Mass Distraction: Sock Puppetry for Fun & Profit

We presented at Hack in the Box Malaysia last week on research we have been doing for the past while on Sock Puppetry. We will post more details on the research in upcoming posts, but for now, you can grab a copy of the slides [here] [edit] Coverage of the talk on Digital News Asia: “Censorship 2.0: Shadowy forces controlling online conversations” [edit] Coverage of the talk on The Register: “Stop and Thinkst: Is that really the Most Popular story

Cyberwar – Why your threat model is probably wrong!

(CCDCOE / June 2010) My original brief was to talk on how I would go about attacking a modern connected state. I noticed that Charlie (Miller) was covering this topic, so opted to go another route. For this talk my point is simply to point out that there are probably some big holes in your current threat model. I’m from South Africa, and although WGN News sees very little difference between South America and South Africa, they are different places.

ThinkstScapes on Risky.Biz

We spent a bit of time on Patrick Gray’s excellent Risky.Biz this week, to talk about our ThinkstScapes service. We have been running ThinkstScapes for about 4 years now, and (so far) have never had a cancellation yet. (We take this to mean that people generally like it!) As part of the show, we gave away a free issue of the 2nd Quarter Research Roundup Issue for 2014. If you are not a subscriber, you can grab your [free copy

(Waaay overdue) 2013 – the year in review..

At the end of last year we did BlackHat’s 2013 year in review. It was a webcast (which means you are spared seeing our faces, but not from hearing our voices or seeing our slides). Although it’s probably slightly dated, we think there’s some value in it for those who didn’t dial in. You can grab a copy of the slides in PDF here, and can watch the video below: (talk starts at 2m07s) PS. We know it’s dreadfully late to post

What the Snowden leaks mean for South Africa

Our ITWeb Security Summit keynote this year covered the Snowden Leaks from a South African point of view. Our talk was based on ideas we articulated in an op-ed piece for Al Jazeera last year, titled: “Silicon Valley, spy agencies and software sovereignty”. ITWeb has already uploaded the video (Go ITWeb!) – Below you can grab a version of the video, with the slides added as an overlay (if nothing else, it makes the nasal voice more bearable)

Phish your company, before someone else does!

Today we are happy to release to the public: Simply, Phish5 is Phishing as a service. It allows a fairly unsophisticated user to phish users in her organization, quickly, easily and from the comfort of her own browser. Why would we do this? In the past year, a host of high-profile news organizations were phished, and then publicly spanked. The attack that compromised the AP’s Twitter account [Verge] even led to a visible dip on the Dow.

Introducing Consli, easy scheduling and feedback for conference organisers and attendees

The number of security conferences shows no signs of slowing down, feeding an ever-growing appetite for talks, presentations and content. If you’re anything like us, both attending and speaking at conferences is part and parcel of your job, even if it’s one event per year. In the absence of publication channels available in other disciplines such as good quality journals, security researchers have the option of blog posts, ezines such as Phrack, mailing lists or conferences. Many choose to go

ThinkstScapes 2013-AH1: On the China report

The Mandiant APT1 report that was released a week ago has been causing some consternation, which makes it a ripe topic for our ThinkstScapes service. This morning, we issued an ad-hoc update to our customers containing our views of the APT1 report. In short, the data is interesting, but does not conclusively point to Unit 61938. There are too many open questions to justify the finger pointing. Take, for example, the markers released for the APT1 group. The report does

Authored with 💚 by Thinkst