@kevin-blankenship
Active 6 years, 3 months ago-
Kevin Blankenship changed their profile picture 6 years, 6 months ago
-
Kevin Blankenship's profile was updated 6 years, 6 months ago
-
Kevin Blankenship wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 6 months ago
For whatever reason the link does not work and keep redirecting the article. Just paste this in and remove the question mark: […]
-
Kevin Blankenship wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 7 months ago
The article title is a bit sensationalist, however the story is amusing.
Researchers were able to create ransomware that infects humanoid robots produced by Softbank robotics. When infected, the robot […]
-
I agree this should be seen as a warning because ransomware is no joke and glad this was done early so we can expect some things in the future but the story is amusing lol.
-
Good post Kevin. What’s really scary about it (I think) is that it is going to become easier and easier to do this given that there are ‘tons’ of open source platforms and frameworks that are just now starting percolate thru git -like ROS, Microsoft Robotics Developer Studio, Orca, etc., etc, etc.
I’m certainly no expert here but I’d think that without these emerging platforms, bad actors would need to learn, understand and master all of the gory details of some pretty low level device interactions – requiring a lot of unique hardware engineering awareness and programming interface skills. The point being that very few bad actors would think it worth their investment of time to pursue.
And if that were the case,(i,e. the lack of deep engineering skills needed to build successful exploits), those kinds of attacks would simply get relegated into corner case attacks sponsored by nation states (again in my opinion).
But now that all of the ‘low level’ device specific complexity can just be abstracted away with an SDK it will make it soooooooo much easier for anyone with the right tool kit to do that sort of stuff. Yikes!;)
-
-
Kevin Blankenship wrote a new post on the site MIS 5212-Advanced Penetration Testing 6 years, 8 months ago
Hello, figured I’d just do a quick intro as a test post this week.
I am Kevin Blankenship. I’m expecting to graduate the ITACS program this summer. Alongside this class I am taking Computer Forensics with Larry […]
-
Kevin Blankenship commented on the post, Progress Report for Week Ending, September 22, on the site 6 years, 9 months ago
Risky Business is a fantastic podcast. I’ve been listening for a while, and Patrick is a great host. He also has “Snake-Oil” episodes where he interviews various security vendors, which are always interesting, even if they are trying to sell something.
I’d additionally recommend “Smashing Security” as another infosec podcast. -
Kevin Blankenship wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 6 years, 11 months ago
An Iranian hacker was indicted for an attack against HBO in early 2017. He reportedly extorted the data for $6 million in bitcoin. The hacker made away with scripts, employee emails, proprietary i […]
-
Kevin Blankenship wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 6 years, 11 months ago
If you’re not aware of Shodan, it is a search engine for IoT devices. It allows you to search across publicly accessible devices worldwide. You can use this to search your own network for exposed devices, or just […]
Yes, we're having a black friday sale 🙂 $5 Shodan Membership instead of $49 and it will run from Friday through Monday
— Shodan (@shodanhq) November 21, 2017
-
Kevin Blankenship wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
An analysis done by Cryen researchers looked at 10.3 million Office 365 emails, revealing that 9.3% were unfiltered spam and contained malware and phishing information. While a small percentage was zero-day […]
-
Kevin,
These number help us to be careful with all the emails we receive. I think that emails are the easiest tools most of attackers use to harm other people computers. We are the users who suppose to trained to follow certain steps when we receive emails, we have to make sure that they were sent from a trusted source. In other words, our curiosity shouldn’t be involved in open or not suspicious emails.
-
-
Kevin Blankenship wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
The Kaspersky Lab’s issue has grown in complexity and layers. It’s now known Israeli Intelligence was watching Russian Intelligence monitoring American Intelligence programs. Initially it was discovered […]
-
Kevin Blankenship wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 7 years ago
Equifax has had a great many blunders over the past month. Newest on the pile is the discovery Equifax’s customer service portal served up malware to users. 3rd party code embedded in the page prompted users for […]
-
Kevin Blankenship commented on the post, The Science Behind “Blade Runner”’s Voight-Kampff Test, on the site 7 years ago
Neat article Andres, very timely.
I found the point interesting how when Philip K. Dick wrote about this, we did not have brain imaging, and would use that now to help determine an emotional response. Dick and Asimov experimented with very interesting ideas that were ahead of their time, and it is cool to see some of the things they wrote about…[Read more] -
Kevin Blankenship commented on the post, Discussion Week 4, on the site 7 years, 1 month ago
Blacklisting applications, websites, or other elements is very easy to do. However this is not the most secure method. Blacklisting requires constant updating and vigilance to ensure new areas don’t pop up to cause risk. This can impact confidentiality and integrity most, as an attack vector not blacklisted may sneak in unknown.
Whitelisting is…[Read more] -
Kevin Blankenship posted a new activity comment 7 years, 1 month ago
The part about lacking 2FA stuck out to me as well. Not only is it bad to have an admin account access everything, but to then not properly secure it at the most minimum possible level is crazy.
-
Kevin Blankenship posted a new activity comment 7 years, 1 month ago
Definitely an really interesting and clear example of a Supply Chain attack. Like Matt said, if it wasn’t an insider, there is a serious compromise in Avest’s SDLC. It’s good only one version was affected, so downgrading or upgrading will fix the issue, but with 2.27 Million version downloads since august, this malware is still very widespread.…[Read more]
-
Kevin Blankenship posted a new activity comment 7 years, 1 month ago
Thankfully the vulnerability is confined to the REST plugin, which must be specifically applied, so the issue isn’t as widespread as simply having Apache. That said, it’s still extremely prevalent, and often very hard to detect without knowing the application architecture. From personal experience, it is a pain to track down developers who know this info.
-
Kevin Blankenship posted a new activity comment 7 years, 2 months ago
This attack wasn’t a “technical” hack, however I still would consider it a hack. When most readers think of a hacker they’re picturing a guy with a laptop and ski mask tapping away furiously at some command line looking console with an ACSII skull popping up after execution.
This is not that kind of hack.
A hack, especially as defined in class…[Read more] -
Kevin Blankenship joined the group MIS4596-002 Spring 2016 – Messina 8 years, 10 months ago
-
Kevin Blankenship's profile was updated 8 years, 11 months ago
-
Kevin Blankenship's profile was updated 9 years, 7 months ago
- Load More
