Subdomain Hijacking – Notes, links & tools

I had previously read about subdomain hijacking, but in all honesty I didn’t really “get it”. All that changed starting with this Security Fest talk by Frans Rosén entitled “DNS hijacking using cloud providers”. Or, more accurately, I really started to get this going through Frans’s slides of the talk. I don’t want to explain the premise of this to you, as it’s one of those you have to investigate yourself to really get to grips with it. But what I will do to (hopefully) bring your learning time down is detail below all of the links Frans mentions plus those from my …

It’s time to patch our human firewall

In light of a recent article on the IT Governance blog entitled “What exactly is Social Engineering?”, I’d like to take a step back and explore what precedes a successful social engineering attack. I recently asked an expert in social engineering, deception and negotiation the following question: “Would you say that underpinning social engineering would be a process of reconnaissance, perhaps using social media?” She responded: “Almost always these days, Stu!” Many articles focus on the attack methods that ultimately give rise to a breach but neglect to mention the single most important aspect of these successful breaches: reconnaissance. The importance of …