Uneven Protection Attacks flow like water: if you have a hole in your defenses, attacks will flow through that hole. Unless they’re trying to win a prize or show off, attackers do not bother attacking where your security posture is strongest. Making your tallest wall taller usually isn’t useful. Encryption Security folks love encryption, forContinue reading “Cybersecurity Metaphors”
Tag Archives: InfoSecTTP
Exploiting Vulnerable Drivers
Often, attackers will attempt to prevent security software from interfering with their attack chains by abusing a vulnerable driver to kill or otherwise disable the system’s security software (antivirus/edr/etc). Because drivers run in highly-privileged OS Kernel mode, it is difficult to prevent attackers from achieving their goals if they manage to achieve code execution inContinue reading “Exploiting Vulnerable Drivers”
Attack Techniques: RMM Abuse
After you sign up on the Social Security Administration’s website, they’ll send you a yearly email inviting you to check out your benefits. Flipping through my Junk Mail folder this afternoon, I found the following email: It looks reasonably plausible, except for the return address (cuonlineedu.in, a university in India). I’m always game to lookContinue reading “Attack Techniques: RMM Abuse”
AI Injection Attacks
A hot infosec topic these days is “How can we prevent abuse of AI agents?” While AI introduces awesome new capabilities, it also entails an enormous set of risks from the obvious and mundane to the esoteric and elaborate. As a browser security person, I’m most often asked about indirect prompt injection attacks, whereby aContinue reading “AI Injection Attacks”
Attack Techniques: Fake Literally Everything! (Escrow Scam)
The team recently got a false-negative report on the SmartScreen phishing filter complaining that we fail to block firstline-trucking.com. I passed it along to our graders but then took a closer look myself. I figured that maybe the legit site was probably at a very similar domain name, e.g. firstlinetrucking.com or something, but no suchContinue reading “Attack Techniques: Fake Literally Everything! (Escrow Scam)”
text/plain 