I wasn't expecting to do yet another SANS course but the opportunity did arise for me to do SEC760 in ondemand format. Previously, I had already done SEC660 as well as OSCE and was conversant with buffer overflows in a multitude of formats (EIP overrides, SEH overrides, ASLR/DEP bypass, return ...

The Cyber Security Agency (CSA) posted an advisory about tech support scammers impersonating CSA officers 7 months ago. A few cybersecurity professional, me included, saw the post and immediately commented either directly on the post or on a copy shared by one of the deputy directors that the ...

I had some issues with automatically creating a service principal to set up Azure Resource Manager in Azure DevOps due to overly strict Azure AD policies resulting in the following error Error encountered: Failed to create an app in Azure Active Directory. Error: Credential lifetime exceeds the ...

Yubico used to publish a Windows Store application YubiKey for Windows Hello that allowed local non-domain joined accounts to login to Windows simply by inserting the YubiKey. However, that application has since been retired and there is no current method to perform a password login for a local ...

I have found an interesting method to convert WinExec shellcode. This may be useful if WinExec cannot be used because the characters WinE are bad characters or if there are security solutions monitoring for its execution. This method requires msvcrt.dll to be loaded as it uses the system call ...

Pretty interesting how easy it is to spoof the animated hologram thingy in the new Digital NRIC. Managed to build a Proof of Concept (POC) within a few hours of the news release. Govtech's response is as follow: Hi Benjamin, We refer your report submitted under the Vulnerability Disclosure ...

Below feedback was submitted to CSA on 11 Oct 2021 in an individual capacity. Q1 I refer to item 7 on page 6 of Annex A: Industry Consultation Document, reproduced below. If a company registered in Singapore or an individual residing and working in Singapore is only providing cybersecurity ...

Due to the nature of work, there is a vast difference between the skillset of a law enforcement cyber forensics analyst and his private sector counterpart. If you are intending to hire an ex-law enforcement analyst, do read on to find out if it is a good fit. Law enforcement forensics analysts ...