Turla’s Pelmeni Wrapper: How Weak Crypto Exposed Kazuar’s Payload
Turla’s Pelmeni Wrapper reveals how flawed cryptographic choices in malware design can create tracking opportunities. This post dissects how a weak and predictable pseudorandom generator exposed Kazuar’s payload and what this means for threat intelligence.
Scanning Beyond the Patch: A Public-Interest Hunt for Hidden Shells
Even after patching, many edge devices remain compromised. This post explores how to ethically scan for backdoors left behind.
Ready, Retain, Fire? The Quiet Fallout of U.S. Offensive Cyber Policy
When one nation hoards weapons, others feel compelled to follow. The U.S. posture on zero-day retention risks global insecurity through a dynamic we've seen before.
What You Hide Will Hurt You: The Streisand Effect of Zero-Day Vulnerabilities
Most vulnerabilities never make headlines; botched disclosures do. Trying to muzzle researchers doesn’t shrink risk, it spotlights it.
The Ransomware Blame Game: Who Bears the Burden of Sanction Enforcement?
When I worked in a Computer Emergency Response Team (CERT), ransomware cases were part of the routine. A company would be hit, backups failed, and the question of ransom payment would come up. Every so often, the team would offer the option of a sanction checking service to verify whether payment was even legal. However, these sanction checks wo...
Unsolicited but Ethical: Threshold Deontology in Public Interest Vulnerability Disclosure
I often send emails to people I’ve never met, about systems they didn’t know were vulnerable, warning them about risks they never asked me to find. Often, they’re surprised. Mostly grateful. Occasionally hostile.
I can understand the discomfort. On the surface, without more in-depth knowledge, it can feel intrusive. Who asked me to scan their i...