ericlaw

Attack Techniques: Fake Literally Everything! (Escrow Scam)

The team recently got a false-negative report on the SmartScreen phishing filter complaining that we fail to block firstline-trucking.com. I passed it along to our graders but then took a closer look myself. I figured that maybe the legit site was probably at a very similar domain name, e.g. firstlinetrucking.com or something, but no suchContinue reading “Attack Techniques: Fake Literally Everything! (Escrow Scam)”

Vibe-coding for security

Recently, there’s been a surge in the popularity of trojan clipboard attacks whereby the attacker convinces the user to carry their attack payload across a security boundary and compromise the device. Meanwhile, AI hype is all the rage. I recent had a bad experience in what I thought was a simple AI task (draw aContinue reading “Vibe-coding for security”

Understanding SmartScreen and Network Protection

The vast majority of cyberthreats arrive via one of two related sources: That means that by combining network-level sensors and throttles with threat intelligence (about attacker sites), security software can block a huge percentage of threats. Protection Implementation On Windows systems, that source of network threat information is commonly called SmartScreen, and support for queryingContinue reading “Understanding SmartScreen and Network Protection”

A Solid 10K

After last year’s disappointing showing at the Capitol 10K, I wanted to do better this time around. We left the house at 6:47; traffic was light and we pulled into my regular parking spot at 7:09. It was a very chilly morning at 42F with a bracing breeze, so I wore my running tights, makingContinue reading “A Solid 10K”

Defensive Technology: Exploit Protection

September 2025 tl;dr: You probably should not touch Exploit Protection settings. This post explains what the feature does and how it works, but admins and end-users should probably just leave it alone to do what it does by default. Over the last several decades, the Windows team has added a stream of additional security mitigationContinue reading “Defensive Technology: Exploit Protection”