I Am Security

Iftach Ian Amit

Subscribe to Iftach Ian Amit: eMailAlertsEmail Alerts
Get Iftach Ian Amit: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Iftach Ian Amit

So, as if I didn’t have enough flights this year, here is where you can find me and hang out / grab a beer / talk shop / hack: August: 3-4 BSidesLV. If you are in Vegas in August, this is THE place to be. I’ll be running a couple of talks there – one with my colleague Itzik Kotler on VoIP botnets, and another on advanced data exfiltration. I’ll also be on the PTES panel, and will help out with the conference security. 5-7 DefCon. I’ll also be presenting at DefCon with Itzik on VoiP botnets. September: 19-20 Brucon. Seriously one of the best cons out there. And you get to enjoy the Belgian beer. What can go wrong? October: 26-29 Hashdays. First time for me at this conference. Friends who attended in the past can barely be reached for comments. This year’s badge will blow away any badge you have ever seen in a con. Oh, and the lineup is sick! November: 17-19 Sec... (more)

Do as I say, not as I do. RSA, Bit9, Adobe, and others…

So you thought you had everything nailed down. You might have even gone past the “best practice” (which would have driven you to compliance, and your security to the gutter), and focused on protecting your assets by applying the right … Continue reading → ... (more)

Advanced Data Exfilration

This paper has been published in several security conferences during 2011, and is now being made fully available (as well as a PDF version for downloading) Abstract Penetration testing and red-team exercises have been running for years using the same methodology and techniques. Nevertheless, modern attacks do not conform to what the industry has been preparing for, and do not utilize the same tools and techniques employed by such tests. This paper discusses the different ways that attacks should be emulated, and focuses mainly on data exfiltration. The ability to “break into” a... (more)

Identity Crisis

Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I get really nervous when the CISO/CIO/Security manager is the one asking. I think that this question is highly inappropriate for two reasons: You should not be looking for “technology”. Buying a product is not going to make you more secure or less secure. You should n... (more)

The China/Google thing, accountants and other miscreants

Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long overdue, I know… had REALLY good reasons for not being able to post anything) was somewhat oracleish in predicting that this would be the focus of this year. Just to set the stage right – we are at a point where I just saw a USA Today “Money” section front page article on how Google’s engagement with the NSA post the breach will affect the security vendor market, and a few VCs were also quoted to the fact that we will be seein... (more)