The Moron Contract

We build networks in very specific ways for a lot of reasons: proper resource utilization, security, segmentation, etc. Every network should have a demilitarized zone (DMZ) where web applications can create sockets to internal servers. It allows traffic to take a stop and be further inspected before allowing it to reach core or sensitive infrastructure […]


DNS: The Internet’s Phone Book

There have been a few articles recently about Secure DNS or DNS over TLS, and the first question that a buddy asked me (@Pratik) was “what the hell is DNS, technology has too many acronyms”. Have no fear my friend, I’ve got your back. DNS, or Domain Name Service, is like a phone book. If […]


Sandbox Evasion Technique

It’s been a while since I’ve written anything on my blog; it’s been a busy few months at GDT. We’ve been working on developing some cool new security technologies and techniques, and a new type of attack that leverages steganography and DNS exfiltration. I’ll have a write-up on that as soon as I get […]


The Idiot’s Guide to IoT Security

I hate IoT. When notifying some manufacturers about vulnerabilities in their devices, we often get a response along the lines of “Version X.YZ of the firmware has a ton of new features, we’ll add it then when it comes out in 8 months!”. That means for 8 months, that vulnerability remains unpatched. Very few people […]


The Christmas of IoT

Tech gifts are awesome. As an engineer, I love getting new gadgets and gizmos to play with, break, and eventually fix. But if someone gets me some mundane object that is internet connected, I’m going to lose my shit. It’s a cool concept: instead of a regular bathroom scale, it’s a machine-learning bathroom scale. It seems appealing […]


DON’T. SHARE. YOUR. PASSWORDS.

A lot of members of the British Houses of Parliament are under fire this week for some pretty terrifying information security practices. And by terrifying I mean that when I first read this I couldn’t believe that someone in a position of power could be so lax with their security. For those that haven’t seen, […]
