Career Mindset Spectrum
Career progression requires a shift of mindset. Having the wrong mindset, at the wrong time, isn’t necessarily bad, it just means that traditional career progression may not apply. Adopting the mindset of the next rung of an organizations ladder will expedite your progress. There is no ideal mindset. Each individual...
Read More
The Great Mental Models and Information Security
As a regular reader of the Farnam Street project, I’ve come to appreciate mental models and how they can help us make decisions. In regards to the information security industry, since we are still likely in the “pre-Galilean” period, it suffices to say that applying mental models to the way...
Read More
Parenting Lessons for the Information Security Industry
In Peter Thiel’s book Zero to One: Notes on Startups, or How to Build the Future, he talks about the best interview question. The question is this: “What important truth do very few people agree with you on?” Something I’ve had a gut feeling about for a while without any...
Read More
Using Zero Days for Red Teams
What do you think when you hear the term zero day? Most of us think of high dollar zero days that organizations such as Zerodium peddle. These types of zero days represent a minuscule amount of the zero days that one: currently exist, and two: are being released every day....
Read More
Determining Risk Less Badly
“Risk is a factor in decisions, as well as costs, interests, and even our ability to frame decisions around a risk.” - Ryan McGeehan The sole reason for ranking risk is so that decisions makers can use it as a factor for making some decision. If that risk ranking is...
Read More
ForeScout Secure Connector Local Privilege Escalation
Application: ForeScout CounterACT Secure Connector Operating System tested on: Windows 10 1809 (x64) Vulnerability: ForeScout CounterACT SecureConnector Local Privilege Escalation through Insecure Folder Permissions Overview: This vulnerability exists due to the permissions set on the logs directory used by the ForeScout SecureConnector application. Every several seconds, a new log entry...
Read More