John Woods
39 followers

InfoSec Fundamentals, Spoiler: AV is not dead
I've been thinking about this a lot, and I asked about it and got an answer I didn't expect on Twitter, here: this tweet, which took me to this article. So here is a blog post about it. First, I think a lot of what InfoSec teams do as "fundamentals" is ...

RSA Vendor Comps and You
With RSA coming up I've been thinking about this because it seems many people on both sides of this don't appear to understand the rules. Which is crazy annoying at best, at worst it makes our industry more scummy if that is possible. I had a vendor who com...

#RSAC vs. #VMWorld Take 2
I've noticed some more things and realized I called out what I was seeing at VMWorld on the last one without calling out the difference so I'll explain a few things better too. At InfoSec Cons people want to understand how things work, why they do what they...

InfoSec vs. Infrastructure Communities
Backstory: I've considered myself part of the InfoSec community since going to my first DEF CON 15 years ago. Back then I had already been doing security work for a while but was not aware of the community and really that this could be your 100% focus until...

MS15-034 Ruby Script
I made one and it is here: https://github.com/secjohn/ms15-034-checker. When MS15-034 hit earlier this week there was a lot of activity. A few Python scripts came out quickly. Someone used one of those to make a Metasploit module very fast, a bit later a nm...

Educating non-InfoSec People
EA was hacked and isn't admitting, in my opinion. Let me explain. EA has an application used to buy games and in-game things called Origin. I have an Origin account I almost never use, I used it to buy some single player games in the past. I got a your pass...

Told you so...Almost
From my last post you can see I had serious doubts about the FBI claim that North Korea is involved in the Sony hack and I'm deeply concerned that the FBI is being used as a propaganda arm of the Executive branch of government. Here is an update: Norse Corp...

New Scripts and Old Script Changes
I pushed up some scripts I banged out today here: https://github.com/secjohn/nessus-reporting. I'm a blue team guy again and I needed a better way to share Nessus findings, both vulnerability scans and compliance audit scans, with my admins. The Nessus HTML an...