Author Archives: Adam
55 5 โญ Reviews?
I’m getting ready for the 5-year anniversary of my book, “Threat Modeling: Designing for Security.”
As part of that, I would love to see the book have more than 55 5 ⭐ reviews on Amazon. If you found the book valuable, I would appreciate it if you could take a few minutes to write a review.
Hexacorn Ltd: Sysmon โ ideas, and gotchas
Hexacorn Ltd: PE files and the Easy Programming Language (EPL)
Hexacorn Ltd: File extensions of interest
Hexacorn Ltd: Can we stop detecting mimikatz please?
Hexacorn Ltd: Trivial Anti-BlueTeam trick #2
Hexacorn Ltd: Beyond good olโ Run key, Part 101
Hexacorn Ltd: Too much % makes Event Viewer drunk
Linkedin Learning: Producing a Video
My Linkedin Learning course is getting really strong positive feedback. Today, I want to peel back the cover a bit, and talk about how chaotically it came to be.
Before I struck a deal with Linkedin, I talked to some of the other popular training sites. Many of them will buy you a microphone and some screen recording software, and you go to town! They even “let” you edit your own videos. Those aren’t my skillsets, and I think the quality often shines through. Just not in a good way.
I had a great team at Linkedin. From conceptualizing the course and the audience, through final production, it’s been a blast. Decisions that were made were made because of what’s best for the student. Like doing a video course so we could show me drawing on a whiteboard, rather than showing fancy pictures and implying that that’s what you need to create to threat model like the instructor.
My producer Rae worked with me, and taught me how to write for video. It’s a very different form than books or blogs, and to be frank, it took effort to get me there. It took more effort to get me to warm up on camera and make good use of the teleprompter(!), and that’s an ongoing learning process for me. The team I work with there manages to be supportive, directive and push without pushing too hard. They should do a masterclass in coaching and feedback.
But the results are, I think, fantastic. The version of me that’s recorded is, in a very real way, better than I ever am. It’s the magic of Holywood 7 takes of every sentence. The team giving me feedback on how each sounded, and what to improve.
The first course is “Learning Threat Modeling for Security Professionals.”
Hexacorn Ltd: Timestomping and event spoofing in the cloud?
Porg on a Borg
Why We Canโt Have Nice Things
Why would the best burger place in the United States close? Because thousands of people had the same stupid idea as you and flooded the place. Waiting times for burgers stretched to several hours, staff were overwhelmed, service declined and loyal customers were alienated.
Threat Modeling in 2018 (video release)
Blackhat has released all the 2018 US conference videos. My threat modeling in 2018 video is, of course, amongst them. Slides are linked here.
Change in the Weather
- A remote Hawaiian island, East Island, was destroyed by Hurricane Walaka. East Island was 11 acres. It was also a key refuge for turtles and seals. Read more in The Guardian.
- Maersk has sent a ship, the Venta Maersk, through the Northern Passage. The journey and its significance were outlined by the Washington Post, with predictions of 23 days (versus 34 to sail via Suez). In reality, it took 37 days, according to the press release, “without incident.” The idea that there’s a sailable Northern Passage is astounding, even if a first sailing took longer than expected.
Podcast with Ron Woerner
Ron Woerner had me on as a guest in his business of security podcast series. It was fun to chaotically discover some of the business justifications for threat modeling, and the podcast is now live at itunes. You can learn more about the series at Business of Security Podcast Series.
CVE Funding and Process
I had not seen this interesting letter (August 27, 2018) from the House Energy and Commerce Committee to DHS about the nature of funding and support for the CVE.
This is the sort of thoughtful work that we hope and expect government departments do, and kudos to everyone involved in thinking about how CVE should be nurtured and maintained.
Space Elevator Test
So cool!
STARS-Me (or Space Tethered Autonomous Robotic Satellite – Mini elevator), built by engineers at Shizuoka University in Japan, is comprised of two 10-centimeter cubic satellites connected by a 10-meter-long tether. A small robot representing an elevator car, about 3 centimeters across and 6 centimeters tall, will move up and down the cable using a motor as the experiment floats in space.
Via Science News, “Japan has launched a miniature space elevator,” and “the STARS project.”