Entries by Stephen Crim

How DNS Tunneling Can Be Abused

I stumbled on this excellent technical explanation of a relatively old data exfil method, using DNS tunneling. Many of us who have been enthusiasts of subverting systems going back to the 1980s have probably read ways to use exploit DNS to access the internet on dial-up ISP’s without authenticating.

The Rise of Sensor-Based Security Products

When I talk about sensor-based products, what I’m specifically referring to is any product that sits outside of the traffic flow, and consumes network traffic either via a TAP/SPAN port, a packet broker or a switch with packet broker capabilities, or through manipulation of a switch’s forwarding plane via OpenFlow or other SDN technologies.

Checkpoint Research Details Flaw in Fortnite SSO

  Checkpoint Research Details Flaw in Fortnite SSO The Checkpoint blog reveals a great breakdown of a flaw in the SSO infrastructure used by the game Fortnite. SSO and other federated authentication platforms can be a double-edged sword. Developing any authentication system is very hard, web-based authentication especially so. You have competing requirements for interoperability […]