Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats

My Time at NetWars Tournament of Champions

EPISODE ONE: THE CTF AWAKENS
Each and every December, some of the best and brightest hackers from around the world travel to Washington D.C. for the NetWars Tournament of Champions. Champion golfers may have their prestigious green sportscoats, but NetWars champions receive the coveted black hoodie. Who am I? Let’s start with the basics: I …

The 12 Days of Security

If you’ve been following our actions on social media lately, you’ll notice we did a “12 Days of Security” series of cybersecurity tips for how to stay secure around the holidays. Below is a recap of the updates. On the First Day of Security … Around the holidays, email phishing is much more common. …

Your Worst Case Scenario: An Introduction to Threat Modeling

Threat modeling is an important piece of the security puzzle that may be missing in many IT organizations. Building a comprehensive model of the threats to your applications, systems, and organization will focus your security efforts where they matter most. When you drive your car, do you fasten your seat belt? Then, you understand the …

My Life at Bishop Fox

I’m picky about where I work. I don’t like companies that seem to run an internship program simply because everyone else has one. Bishop Fox proved to me that it’s possible to find an impactful, rewarding, and fun internship outside of the traditional options. One of the most important factors in finding a fulfilling workplace …

Is CORS Becoming Obsolete?

Lately, we have received a lot of questions from our clients about CORS becoming obsolete. They are rightfully concerned about this possibility because so much of Web 2.0 depends on the interoperability mechanisms that CORS provides. In this write-up, we shed some light on whether this is a valid fear, and the actual reality of …

Breaking Drone Defenses: Using Chicken Wire to Defeat Net Projectile-Based Products

The majority of practical drone defense products/solutions currently available use a net projectile of some kind. These nets are typically very lightweight, and wouldn’t be heavy enough to drag down their intended targets. Instead, they are designed to get tangled in the propellers of the ‘rogue drone’ being targeted in order to disable it …

How I Built An XSS Worm On Atmail

This blog post was authored by Senior Security Analyst Zach Julian; you can connect with him on Twitter here. Atmail is a popular provider for cloud-based and on-premises email hosting. It is used by companies, hosting providers, and ISPs including DreamHost, LegalShield (US), m:tel (Bosnia), iiNet, and Optus (Australia). Being an atmail user on …

How We Can Stop Email Spoofing

According to our research, 98 percent of the internet is vulnerable to this attack. And here’s how our tool, SpoofCheck, can help us bring a stop to it. Most web domains are not protected against email spoofing, which is a relatively easy problem to solve. If you’re concerned that your domain may be vulnerable …