Another great talk at the mobile cyber security conference a few weeks ago was by Glenn Wilkinson who talked about his software called snoopy which is able to track and profile mobile devices based on their wifi. He has a very cool drone which he flies over areas to probe the mobile phones in the area below. Sadly no … Continue reading Smartphone location tracking
Category: security
Smartphone SMS ‘hacking’
On Wednesday I went to a mobile cyber security conference held at the National Museum of Scotland organised by the Scottish Business Resilience Centre. One of the most interesting talks was given by Odd Helge Rosberg (@ohrosberg). Odd talked about the multiple operating systems (OS) in smartphones; which at first I was surprised at, but actually makes … Continue reading Smartphone SMS ‘hacking’
I’m on Forensics Lunch!
Last week I got invited to take part in Forensic Lunch to talk about Foreman, my open source case management project! https://www.youtube.com/embed/o7uSp8XVGLQ
4th International Conference on Cyber Security & Education
On Friday I went to the 4th International Conference on Cyber Security and Education, held at the Scottish Police College in Tullillan Castle. There were loads of really interesting talks and I think the only let down was the lack of abstracts/summaries of each talk; so often I was blindly going into a talk in one … Continue reading 4th International Conference on Cyber Security & Education
What makes malware “sophisticated”?
Most new articles on high profile cyberattacks call these attacks sophisticated, but are they really? At the RSA 2015 conference a few days ago, researchers Ira Winkler and Araceli Treu Gomes, wrote âthe Irari rules for declaring a cyberattack sophisticatedâ. The summary article can be found here, and the conference slide pack here. The main message is … Continue reading What makes malware “sophisticated”?
Kill chain models
It has been 4 years now since Lockheed Martin released their "Cyber Kill Chain" paper, which describes the stages that the perpetrator of an advanced persistent threat (APT) takes. This kind of attack sequencing is not new, the American military and other government forces have used similar models to show the stages of a terrorist … Continue reading Kill chain models
Storing passwords in your browser
Passwords, passwords, passwords. Weâve come to a point where itâs impossible to have a life online without a gazillion passwords, which should all be complicated, long and unique. The easiest way to solve this is by letting the browser store the passwords for you. You make up something random, and let the browser remember it … Continue reading Storing passwords in your browser
CompTIA Security+ Exam
A few weeks ago I took the CompTIA Security+ (version SY0-301) exam after 2 weeks of intense self-study and managed to successfully pass after a nerve-racking 90 minutes of questions. The exam covers all aspects of information security, including networking, access control, security threats & mitigation technique and cryptography. It doesnât go into a huge amount of … Continue reading CompTIA Security+ Exam
CyberForensics Conference 2014 – Day 2
Day 2 was just as good as day one, here are the highlights: Ethan Bayne presented on how to use GPUs to speed up carving and searching for files in a forensic image. Amazingly this has not been done yet, and the results he presented were spectacular as you can imagine! Essentially it's just parallelising a … Continue reading CyberForensics Conference 2014 – Day 2
The risks of QR codes
In my last blog post I talked about the merits of QR codes and their use in forensics. Iâm going to talk about the risks of QR codes now, as with everything, there are always issues with new technology. There are three main risks with QR codes: The QR code may point to a malicious … Continue reading The risks of QR codes