StegocryptoPy: Hide It in Plain Sight 2.0

  I improved on my steganographic tool I wrote previously to include AES encryption and tested files produced by the new tool. No surprise, file appended steganography is pretty ineffective but I had a fun time...

IR Policies When Considering CIA

Organizations of any significant size that provides some kind of service inevitably handles sensitive information. When considering a service-oriented organization in contemporary terms this service would be either delivered within a digital medium or would...

Hide It in Plain Sight

Part of a malware analysis I wrote on included a payload hidden in a Graphics Interchange Format (GIF) file. A reverse shell backdoor embedded in a GIF image file was uploaded to a server and...

CVE-2015-1427 Elasticsearch Vulnerability

Elastic’s data aggregation product, Elasticsearch (versions 1.3.0-1.3.7 and 1.4.0-1.4.2) is vulnerable to remote code execution via groovy code script. Elasticsearch is used by major companies such as FICO, Ebay, and WordPress to keep track of...

BSides Orlando

Security BSides describes their organization as “the first grass roots, DIY, open security conference in the world!” BSides is a medium that allows for local community organizations to host Information Security oriented conferences in their...