Blog

A Dangerous Shift in Ransomware Targeting

There’s good news for commentators that really “phoned it in” on their 2017 predictions: ransomware is becoming even more of a problem. While you’ll be hard pressed to find analysts who...

Blog

Malware Removal Software Company Identified as Acting on the Behalf of Russia: What Does it Mean for You?

President Obama issued an executive order recently in response to Russia’s cyberattacks against the United States. There are sanctions against Russian individuals and entities, and a number of Russian diplomats...

Blog

Compliance Alone Won’t Save You: The Next Attack Will Hit Harder Than the Last

This past weekend, the San Francisco Municipal Transportation Authority (SFMTA) was hit with a ransomware attack that left it unable to process payments for rides. The SFMTA was forced to...

Blog

Four More Years and Four Hundred Pounds of “You’re On Your Own”

Last night at Hofstra University, at the first of three scheduled presidential debates in 2016, Lester Holt introduced a segment of questions on “Securing America”. While as an avid consumer...

Blog

Hacking Healthcare: How to Offensively Protect Healthcare Systems

A breach of a healthcare provider can have a serious impact, both in terms of financial loss and patient confidence. HIPAA violations can involve fines of up to $50,000 per...

Blog

Lessons Learned from Exploiting IoT in the Enterprise

Over the past year, the HORNE Cyber penetration testing team conducted advanced penetration tests of organizations in many different sectors: from healthcare, financial services, and manufacturing to food production and...

Blog

Buzz Off with Lawyer Liz: Delta Airlines and Critical Infrastructure

Last week, I had the pleasure of joining Elizabeth Wharton on her radio show, Buzz Off with Lawyer Liz, to talk about the security of critical infrastructure, specifically as it relates...

Blog

Secure Penetration Testing Operations

Just a few months ago, my team found the back door of a network left open by a previous penetration tester for one of our clients. Unfortunately for this client,...

Blog

Highlights of DEF CON 24

After last week’s blog covering the upcoming presentations at Black Hat USA, I had a number of requests for our take on the DEF CON 24 schedule (immediately following Black Hat,...

Blog

6 Talks We’re Looking Forward to at Black Hat USA

A number of us at HORNE Cyber are attending Black Hat USA's briefings on August 3rd and 4th. I am looking forward to sharing my work on conducting more secure penetration...

Blog

Security Measures for Hostile Network Environments

While hacking and information security themed conferences such as DEF CON and Black Hat USA have a reputation of having hostile network environments with a large number of sophisticated attackers,...

Blog

Rising to the Challenge of Pen Testing ICS

Many organizations, including portions of our national critical infrastructure, rely on industrial control systems (ICS) and supervisory control and data acquisition systems (SCADA) to automate critical processes. This includes manufacturing,...

Blog

HORNE Cyber at Black Hat USA 2016

Wednesday evening, I was notified that my proposal for a talk at the Black Hat USA 2016 Briefings (August 3rd and 4th) was accepted by the review board, composed of...

Video

Understanding Cyber Attacks

Organizations typically do not find a hacker on their network for 4-7 months. So, how do you identify an attack and effectively defend your organization?

Whitepaper

The Practical Guide to Security at Conferences

Conferences are Target-Rich Environments for Private and Nation-State Intelligence Gathering. 

Whitepaper

Secure Penetration Testing Operations

Following previous presentations on the dangers penetration testers face in using current off-the-shelf tools and practices (Pwn the Pwn Plug and I Hunt Penetration Testers), this paper and presentation explore how widely available learning materials used to train penetration testers lead to inadequate protection of client data and penetration testing operations.