Jacob Williams (Jake)
330 followers
I hunt malware, reverse engineer code, and other such awesome things.

Jacob's posts

The problems of PUA (Potentially Unwanted Alerts)
Recently we had a client call us about a problem on their network.  Rendition Infosec runs a 24×7 security monitoring service and had a client call about an antivirus alert for PUA (potentially unwanted application).  This class of alert is often difficult ...

Petition for Microsoft to disclose data about MS17-010

Rendition Infosec is sponsoring a petition asking Microsoft to disclose telemetry data around MS17-010. We've highlighted a number of reasons why we feel this is important for the security community as a whole. It's almost certain that Microsoft has data around how these vulnerabilities were exploited by attackers. Revealing this data will help us better understand decisions made in the vulnerability equities process. It will also enhance understanding about how likely it is that vulnerabilities discovered by APT attackers are independently rediscovered by other attack groups. Finally, it will help policy makers assess whether the exploits reportedly stolen (and subsequently released) by Shadow Brokers were likely used to exploit other targets before being released to the general public. If you work in infosec, think computer security is a good thing to have, and/or believe in transparency, please consider signing our petition.
https://www.renditioninfosec.com/2017/05/call-to-microsoft-to-release-information-about-ms17-010/

The latest WikiLeaks dump details a tool called Archimedes, which is essentially just a repackaged version of the Ettercap tool. Honestly, the CIA tool has fewer features than traditional Ettercap, but appears to be built for stealth, while Ettercap is not. I've written a little about the Archimedes tool, ARP spoofing in general, and advice for businesses to defend against Man-in-the-Middle attacks.

Read the full post at:
https://www.renditioninfosec.com/2017/05/wikileaks-archimedes-tool-release-the-breakdown-for-business-leaders/

Observations from the latest Internet-wide DOUBLEPULSAR scan

I've posted some notes from the latest Rendition Infosec Internet-wide scans for DOUBLEPULSAR. Despite some reports to the contrary, it's not getting any better. In fact, it's a bit worse than earlier this week despite the uninstallation scripts moving around the Internet (note that Rendition Infosec does NOT recommend using these tools).

Read the rest of the story (complete with country breakouts of infection) here.

DOUBLEPULSAR (NSA malware) infects more than 3% of machines with SMB exposed to the Internet
After reading some early articles mentioning that DOUBLEPULSAR (reportedly NSA malware) infections were widespread on the Internet, my folks at Rendition Infosec thought the numbers might be inflated due to poorly implemented scans.  After performing some o...

A "Digital Geneva Convention" won't be a reality without reliable cyber attribution
Microsoft released their idea of a "Digital Geneva Convention" to help normalize behavior on the cyber battlefield. The document, linked here, is generally well written and documents the need for a document of its type. While the idea of regulating the cy...

Business impact of the Shadow Brokers dump of Windows exploits
The Shadow Brokers have dumped their cache of exploits for Windows systems (supposedly stolen from NSA). Although some were originally reported as zero-day exploits, this has since been proven to be incorrect due to recent Microsoft patches. However, the...