Security misconceptionsA SANS@MIC talk on the pits and fallacies we fall into while advising ourselves and others in information security.
Smart house attack vectorsBeyond WPA2 and a firewall: WPS, pre-compromised LAN hosts, evil-maid USB attacks, weak ISP routers, leaked credentials, and sub-GHz radio protocols.
An Azure zero-day XSS with sandbox escapeChaining a command injection into a stored XSS that jumps from a compromised SaaS site to the Azure administrator through the Kudu console.
Fifteen tips on producing good documentationPractical rules for documentation that actually gets written and stays useful: keep it simple, write in English, never store passwords, and update as you go.
My reflections as a CISOMoving from techie to security leader: staying visible, not being the dust boy, and avoiding the security roller-coaster of budget cuts.
Is social engineering an actual threat?Why social engineering keeps working, the psychological levers behind it, and classic examples including the HBGary hack.
XSS explainedThe three ways to deliver a Cross-Site Scripting payload, the attack vectors that make it dangerous, and a short history of XSS in the wild.
Enumeration with sqlmapUsing sqlmap to enumerate databases through a SQL injection, what enumeration means in a pen test, and how the attack looks in the server logs.