Profile cover photo
Profile photo
David Longenecker
177 followers -
Christ-follower | Once mistaken for a cybersecurity expert | dad of 5 | @AustinISSA board | I write https://securityforreealpeople.com
Christ-follower | Once mistaken for a cybersecurity expert | dad of 5 | @AustinISSA board | I write https://securityforreealpeople.com

177 followers
About
Posts

Post has attachment
Using malware's own behavior against it
A quick read for a Monday night. Last week while investigating some noisy events in my security monitoring system, I noticed two competing Windows features filling up event logs: link-local multicast name resolution (LLMNR) put lots of name resolution reque...
Add a comment...

Post has attachment
Seeing isn't believing: the rise of fake porn
The following may be disturbing to readers, but I feel it is important to write for several reasons. The first is, to stay a step ahead of cyberbullies that could use this technology to humiliate others. The second is to give readers - especially parents an...
Add a comment...

Post has attachment
It's W2 scam season
Time for a short Friday afternoon social engineering‍ discussion. If you work in HR / finance / benefits, you'll want to stick with me. It's January, the beginning of tax season in the US (and I presume, other countries as well). Employers in the US are req...
It's W2 scam season
It's W2 scam season
securityforrealpeople.com
Add a comment...

Post has attachment
A handy trick for proxying HSTS sites in Chrome
TL;DR: Chrome has a nifty undocumented trick that makes proxying so much more useful when testing sites using HSTS or pinned certs: where the security warning screen doesn't give you an option to ignore, type " badidea " to continue anyway. Browser makers h...
Add a comment...

Post has attachment
Private data in public places
Professional social engineer and open source intelligence expert Stephanie " @_sn0ww " Carruthers makes a living out of (mis)using what people and companies share publicly, so when she talks I listen. Her talk at the Lonestar Application Security conference...
Private data in public places
Private data in public places
securityforrealpeople.com
Add a comment...

Post has attachment
Be sure to deregister Amazon devices purchased as gifts
Now that post-Thanksgiving shopping is in full swing, here's a brief tip for those purchasing Amazon gadgets as Christmas gifts: if you are giving an Amazon Device to someone outside your household, you must deregister the device from your Amazon account. O...
Add a comment...

Post has attachment
IR Toolkit
In 20 years of systems administration and incident response, there are a handful of tools I find myself coming back to over and over again. Naturally, the SysInternals suite is on the list, along with Wireshark and Didier Stevens PDF tools. I've also includ...
Add a comment...

Post has attachment
Exploiting Office native functionality: Word DDE edition
I love reading exploit techniques that rely on native features of the operating system or common applications. As an attacker, I find it diabolically clever to abuse features the target fully expects to be used and cannot turn off without disrupting busines...
Add a comment...

Post has attachment
If you ever had SBC broadband, and thus have a merged Yahoo!/AT&T account, you (and I) are well and thoroughly hosed. 2FA is simply not an option for such accounts. The only option is to set the strongest password AT&T allows (which is itself deficient), then disassociate anything of value from that email account.
Add a comment...

Post has attachment
Enable two-factor on your Yahoo account... if you can
Yahoo! accounts have very different security options depending on their origin. Unless you've been living under a rock, you know by now that Yahoo! suffered a massive data breach in 2013. The number of accounts reportedly affected changed a number of times,...
Add a comment...
Wait while more posts are being loaded