Security Compass Internal CTF Write-Up

posted on Jul 6, 2015 by Geoff Heymann

A link to the CTF discussed below. Introduction: I thoroughly enjoyed the CTF organized by Stephen Hall for a recent Learning & Growth session at Security Compass. I was in awe of how some of my co-workers solved the challenges, and wanted to understand their mindset. So, I looked at one of the challenges no…

Understanding Strengths and Limitations of Static Analysis Security Testing (SAST)

posted on Jun 1, 2015 by Rohit Sethi

Many organizations invest in Static Analysis Security Testing (SAST) solutions like HP Fortify, IBM AppScan Source, Checkmarx or Coverity to improve application security. Properly used, SAST solutions can be extremely powerful: they can detect vulnerabilities in source code during the development process rather than after it, thereby greatly reducing the cost of fixing security…

Improving Your Password Habits With Passphrases

posted on May 29, 2015 by Chris Bonk

Preceding my work at Security Compass, the pursuit of my Master's of Computer Science led me to conduct research on user authentication, passwords and, more specifically, the study of human selection of long text-based passphrases. The research was done under the supervision of Dr. Julie Thorpe at the University of Ontario Institute of Technology (UOIT)…

Dynamic DDoS Defense

posted on May 19, 2015 by Michael Bennett

Figure 1: SDN blocking a malicious attack. Intro: Let’s face it, DDoS attacks are growing both in size and complexity. Botnets used to launch DDoS attacks can contain anywhere from hundreds of thousands to millions of bots, and as long as malware is prevalent across the Internet, those numbers will continue to grow. Not to…

Breaking into the Industry: Information Security

posted on May 11, 2015 by Pratik Amin

Information Security is hiring. It’s not only major security companies looking for talented and experienced people; large organizations are starting to build out their own internal security teams. This is causing a major talent gap in the industry: everybody is competing for the same small group of people, and the demand is much higher…

Making Smart Locks Smarter

posted on May 5, 2015 by stephen

Introduction: During a recent Security Compass ‘Hack Week’ we decided to take a look at smart locks in an attempt to assess the current state of smart lock security. For our project we decided to take a look at the August Smart Lock. The August Smart Lock is an electronic locking mechanism that can be…

Reblog: (ISC)2 CSSLP and Security Compass Training

posted on May 5, 2015 by Isabel Choi

Source: Simoneonsecurity Author: Simone Curzi – The author of this blog, Simone Curzi, has been a Senior Consultant and Delivery Architect in Microsoft Consulting Services (MCS) Italy for more than 6 years and has spent a total of 15 years as a Consultant in MCS. Now he is a Senior Premier Field Engineer, specifically on Security topics…

Cyber-Flood Friday

posted on May 1, 2015 by Yousif Hussain

Welcome back to Cyber-Flood Friday! In this edition we discuss more about DDoS, the costs associated with attacks, and the trends within recent attacks. I also discuss the unfortunate growth sector of information security, and how hackers are creating market demand for attack defenses. The articles mentioned shed light on recent news within Information Security,…

Bad Sudo

posted on May 1, 2015 by stephen

Sudo allows admins to give users permissions to perform actions as other users, primarily the root user. Normally, when you give a user sudo access, you limit the commands that they can run so as not to give any user full control over your system. If you use any of the default examples for sudo that can…

Battle School: RSA 2015

posted on Apr 29, 2015 by Christine MacDonald

You will never influence the world by trying to be like it. The core of our culture is to be different – to be memorable, whether it’s during a team outing or customer engagements. This was no different for us at RSA. Background Story: About a year ago @mrvaughan approached me with a hybrid CTF booth…