Lenny Zeltser
Advances information security. Grows tech businesses. Fights malware.

This is my attempt to look beyond the "fileless malware" buzzword by exploring the malware that influenced how we use the term today.

I attempted to follow the breadcrumb trail that began with an official-looking fake invoice and led me to oblique firms in the Principality of Liechtenstein. This illicit and profitable campaign has been active for at least a decade, as far as I can tell.

It's surprisingly difficult to craft email customer messages that don't look like phishing attempts. Take a look at a few examples and consider how these communications could have been improved.

This article by Ben Basche helped me understand the attractiveness and potential of Snapchat. The pseudo-ephemeral nature of Snapchat activities encourages participation without requiring users to worry about the permanent brand they're building for themselves online, in stark contrast to how people see "traditional" social networks such as Twitter and Facebook. There is more to Snapchat than meets the eye.

For penetration testers out there, running Metasploit Framework as a Docker container on a local system or in a public cloud offers several advantages. Here is a look at how to do this without much effort.

The wait times in US airports' security checkpoints seem to be getting longer and longer. Unfortunately, TSA has the perverse incentive to make this experience as painful as possible for regular travellers, so that they opt into the privacy-invading background check necessary to participate in the PreCheck program for expedited screening. It's good to see that some airports are attempting to put pressure on TSA to improve.

I'm a fan of deception-based approaches to enterprise security. Honeytokens in particular offer a handy way to spot intruders attempting to access unauthorized data or resources. Here is how you can start experimenting with honeytokens today using the open source toolkit Canarytokens.

Fascinating peek into the world of 9-1-1 operators, described by Matthew Schreiner, who worked as a 9-1-1 telecommunicator and supervisor for 10 years.

All of us can probably benefit from this reminder once in a while.
