In this video, we discuss the risks of attempting to mitigate risk through cybersecurity insurance. To highlight this problem, we walk through a recent case where an insurer challenged an email fraud claim stating that because social engineering (rather than malware) caused the victim to be exploited that there was no covered loss. The court […]
Archive by Author
New Destructive Iranian Cyberattack – “Dustman”
Cyber Threat Intelligence Iran MalwareNews of a new destructive cyberattack targeting Saudi interests was published on January 7, 2020. The attack, likely from the government of Iran, took place in the Kingdom on December 29, 2020. The Saudi National Cybersecurity Authority published a technical analysis of the malware, Dustman, that was used for file wiping. In this video, we […]
Updating The Iranian Cyber Threat Assessment
Cyber Threat Intelligence IranIn this video, Rendition founder Jake Williams (@MalwareJake) and Brandon McCrillis (@13M4C) discuss how the launch of ballistic missiles from Iran into Iraq changes the cyber threat picture. In short, we don’t think much has changed. It is possible that the risk from hacktivists not controlled or directed by the Iranian government has increased, but […]
Assessing the Iran Cyber Threat
Cyber Threat Intelligence IranAt Rendition Infosec, we’ve fielded a number of calls from clients asking about the Iranian cyber threat in the wake of the Soleimani killing. In this video, we walk through likely targeting as well as action steps you can take to respond to the threat. It should go without saying, but any assessments made are […]
Rendition Celebrates Inc. 5000
BusinessOn Tuesday evening, Rendition Infosec was celebrated by the Technology Association of Georgia (TAG) as one of the GA companies added to the Inc. 5000 this year. It was a great event with founders and principals from many phenomenal companies from across the state in attendance. TAG recognizes GA companies included in the Inc. 5000 […]
Incident Response and OPSEC
Incident ResponseIt’s always important to consider OPSEC when performing incident response. We regularly work with clients to ensure that they don’t cause issues for themselves during the investigation. Tipping your hand to the attacker can result in a failed containment, which likely will lead to a failed remediation. Today, while teaching my last SANS Incident Response […]
WWHF Privilege Escalation Slides
Penetration Testing Privilege EscalationOn Friday morning, Rendition Founder Jake Williams had the honor of presenting at Wild West Hackin’ Fest in Deadwood, SD. He presented on privilege escalation tricks for Windows. Caveat: none of these tricks are particularly revolutionary, but they work. And that’s sort of the point. You don’t need 0-days to escalate in most networks and […]
iPhone Hacking and Indiscriminate Targeting
UncategorizedYesterday, Google Project Zero announced that they discovered a campaign exploiting a wide range of iPhone models and iOS versions in the wild. Google shared details about the exploits and the malware, but little about the campaign itself. This may be to protect business interests or it may be to stop a panic of those […]
Amazon Leaks Customer Data – And Belly Flops On The Response
Breach ResponseThursday night, I packed up my things to leave the office. On the way out the door, I turned back to my CEO (Brandon McCrillis) and said “oh <expletive deleted>, my Amazon account got hacked!” I said that after seeing an email on my phone updating me about the status of an order… an order […]
AVML – Memory Forensics For Linux
Incident Response Memory ForensicsOne of the problems we’ve experienced over the years with Linux memory forensics was the difficulty of obtaining a memory dump. This is because most acquisition tools require a loadable kernel module to be built on the exact same kernel version as the target. Building the kernel module on the target itself has several problems: […]