Designing Secure Systems takes a theoretical approach to information security. In this book, I introduce authorization theory, a way to analyze the security of any system based on its access, authorization, authorization, and authentication components. This approach enables you to model human process, physical, and cybersecurity systems with a single approach.
Authenticating to remote services with only a password is a thing of the past. Modern attack techniques make theft and reuse of passwords simple, yet we continue to use them to secure pretty much everything. In this post, we will review the various risks associated with password authentication and discuss what can be done to improve our security posture.
Think Like a Hacker is designed for systems administrators interested in the cybersecurity field as well as information security professionals interested in secure systems design.
Think Like a Hacker is designed to take an IT professional with an interest in cybersecurity on a journey through how an attacker thinks about a network, while posing new theoretical models on how to analyze their network through the lens of a targeted attacker. This book is not be your typical security book that focuses … Continue reading Prologue – Think Like a Hacker
Pass the hash is one of most prevalent techniques used in targeted attacks today, due to its ease of use and effectiveness. Despite this prevalence, many organizations do misunderstand how the attack works and remain vulnerable. In this post, I will describe how a pass the hash attack works and provide some effective ways to … Continue reading Understanding and Preventing Pass the Hash Attacks
One of the difficulties involved with malware analysis is determining exactly how concerned you should be when you find a new sample on your network. Categorizing malware does not require high cost tools and access to subscription-only databases (although these can help). The following is a list of ways to help determine how concerned you should … Continue reading Am I Pwned? – 5 simple ways to help determine if you should be concerned about malware you discover on your network
The Cold War was a unique period in history; a period of high political tension lasting for almost 45 years whereby the world was divided into distinct categories of extremely capable countries. The term “Cold War” was coined by George Orwell in an article entitled “You and the Atomic Bomb” published in the Tribune on … Continue reading Cyber Warfare and the New Cold War