Mayhem Blog

Karl Sigler, from Trustwave SpiderLabs, talks about the threat landscape for medical devices and the healthcare industry in general.

One could hack into a military, a foreign government, or even global commercial web services domain using flaws in the underlying architecture. Fredrik Nordberg Almroth, co-founder of Detectify, talks about how he did just that.

Phishing is everywhere. Who among us has not seen phish in their inbox? Aviv Grafi, from Votiro, gets into the weeds about how malicious documents are formed and how they might (despite good secure posture) still end up in your inbox or browser.

Could the nudges and prompts like those from our Fitbits and Apple watches be effective in enforcing good security behavior as well?

Say you’re an organization that’s been hit with ransomware. At what point do you need to bring in a ransomware negotiator? Should you pay, should you not? Mark Lance, the VP of DFIR and threat intelligence for GuidePoint Security, provides The Hacker Mind with stories of ransomware cases he’s handled.

Small to Medium Business are, today, the target of APTs and ransomware. Often they lack the visibility of a SOC. Or even basic low level threat analysis. Chris Gray of Deepwatch talks about the view from the inside of a virtual SOC.

More and more criminals are identified through open source intelligence (OSINT). Sometimes a negative Yelp review can reveal their true identity. Daniel Clemens, CEO of ShadowDragon, talks about his more than two decades of digital investigations.

It’s time to evolve beyond the UNIX operating system. OSes today are basically ineffective database managers, so why not build an OS that’s a database manager?

Incident response in the cloud. How is it different, and why do we need to pay more attention to it today, before something major happens tomorrow? James Campbell, CEO of Cado Security, shares his experience.