Weekly infosec news summary for 2016.10.02 – 2016.10.09

Top stories

This was an uneventful week for enterprise defense.


Conference materials and publications

  • Virus Bulletin: This conference occurred in Denver this weekend. Slides are not yet up for all talks, but check out my summary here.
  • BalCCon videos: The Balkan Computer Congress took place in Serbia in September.
  • FloCon slides: This conference on large-scale network analytics took place in Florida in January.
  • MacOS Hardening Guide: Jonathan Levin, author of "MacOS and iOS Internals, Volume III: Security & Insecurity" which will be released this coming week, has released his appendix, the MacOS Hardening Guide. This doesn't provide a lot of actionable steps, but lays out some general thoughts on things that can be done, such as recompiling the kernel, which is open-source, and setting SECURE_KERNEL to 1.
  • The Container Revolution: Reflections After the First Decade: This talk from the HashiConf conference (focused on devops tools) discusses the three decades of containerization.
  • Glitchy Descriptor Firmware Grab: Micah Elizabeth Scott has a number of hardware hacking videos. This one shows using glitching to extract firmware.


  • OverSight: New macOS tool from Objective See presented at Virus Bulletin.
  • Pafish for Office Macro: Tool to check malware detonation environments that detonate Office docs.

Newspaper news

  • US accuses Russian Government of DNC hack: The DHS and ODNI (Office of the Director of National Intelligence) have formally accused the Russian government of being behind the hacked e-mails published on sites such as WikiLeaks and via the Guccifer 2.0 online persona.
  • Yahoo secretly scanned customer emails for U.S. intelligence: The summary of the story as presented in the news is that Yahoo execs complied with a court order to install special government software to scan customer emails. Alex Stamos, the CISO at the time, didn't know about it until his security team discovered it, and he quit as a result. Privacy debates and surveillance laws aside, the important take-away here is to have policies and technical controls in place that identify changes to your production infrastructure, so that you can detect "insider threats" like this, which may even involve whole teams of people.

Other reads

To receive a weekly email notification of this newsletter, email