Mayhem Blog

Expert insights and tips on application security, API security, and other DevSecOps topics.

The Hacker Mind Podcast: Beyond MITRE ATT&CK

Just because you have a tool, like ATT&CK, you might not realize its full potential without someone being there to guide you … at least in the beginning. Frank, now the chief innovation officer and co-founder of Tidal Security, returns to The Hacker Mind to discuss the ATT&CK, only ...
The Hacker Mind Podcast: DEF CON Villages

DEF CON is 30 years old this year, and it’s bigger and better in part because of topic-specific villages. Here’s an inside look at four of the most popular villages.
The Hacker Mind Podcast: G-Men in Cyberspace

Fighting organized crime online might seem like a logical extension for law enforcement, but, in fact, it is not all that straightforward. Michael McPherson spent 25 years in the FBI before transitioning to the corporate world, and can best describe the experiences on both sides.
The Hacker Mind Podcast: The Fog of Cyber War

There’s a war online in Ukraine, one that you haven’t heard much about, in part because the country is holding its own thanks to infosec volunteers worldwide. Mikko Hypponen joins The Hacker Mind to discuss cybercrime unicorns and the fog of cyber war that surrounds the Ukrainian war.
The Hacker Mind Podcast: LoL

Living off the Land (LoL) is an attack where files already on your machine, i.e., your operating system, are used against you. They would be undetectable, right? Kyle Hanslovan, CEO of Huntress Labs, joins The Hacker Mind to discuss recent LoL attacks.
The Hacker Mind Podcast: Hacking Teslas

With digital convenience there’s often a price. And if that means a bad actor can create a wireless key for your new Tesla, that price is pretty steep. At CanSecWest 2022, researcher Martin Herfurt announced a new tool, TeslaKee, which he hopes prevents wireless key attacks from happening.
What Is A Missing Release Of Memory After Effective Lifetime Error?

CWE-401 - Missing Release Of Memory After Effective Lifetime can occur when a program does not release memory after it is finished using it.
What Is A Reachable Assertion Error?

In computer science, reachability is the ability to find a path from one node in a graph to another. A reachable assertion is an assertion that specifies a condition that must be satisfied for a particular path to be considered reachable.
What Is An Improper Input Validation Error?

CWE-20 - Improper Input Validation in a web application can allow an attacker to supply malicious user input that is then executed by the vulnerable web application. Improper input validation can be used to bypass security mechanisms, such as authentication and authorization controls.
