The Joys of Honeypotting

Honeypot

Time to talk about one of my favourite concepts in cyber security: honeypots. I don’t know why, but the idea of honeypotting an attacker has always held a special place in my mind, as a method to attack the attacker. But first, some term clarifications. Honeypot: a decoy system intentionally designed to look like […]

Mind the Patch Gap

The Patch Gap

It’s time to discuss what tends to be overlooked when it comes to an organisation’s cyber defences: what is known in the industry as the “Patch Gap”. This is the time between a CVE being known with a patch available and that patch actually being applied. This number is very important, […]

Know your Signatures

Let’s start with the basics: network IPS and IDS – Intrusion Prevention and Detection. An IPS usually sits inline with the traffic flow, so it can stop packets and prevent an attack, whereas an IDS simply alerts the SecOps team that there is a potential threat that needs investigating. IPS can be troublesome in routing […]

Accepting the Risk

Accepting Risk

In the cyber security industry, a phrase gets used when looking at legacy applications – “Accept the Risk”. This is often said about legacy applications because, by their very nature, there isn’t much an organisation can do about them. In speaking with CISOs, it is often said in the context of […]

Too many JVM’s – The Java Security Challenge

Too many JVM's

Understanding the JVM and Security Implications

In the realm of application development, Java has long stood as a stalwart, known for its platform independence and versatility. At the heart of Java’s capabilities lies the Java Virtual Machine (JVM), a powerful intermediary that facilitates seamless execution of Java applications across diverse devices and operating systems. However, […]

We Need to Talk about Log4J

Log4J legacy

CVE-2021-44228 (AKA Log4J) was released in December 2021, and 2 years later it remains one of the most exploited vulnerabilities! How can this be? What is it? Log4J is part of the Apache Foundation’s Logging Services Project. This was initially included in the application from October 1999 but wasn’t really adopted until the Logging Services […]

Why Legacy?

Legacy Application

The image above is a great illustration of the Innoculator ethos. It is, of course, an old computer running a “green screen” legacy application. But, as keen observers will have noticed, it is also an image generated using A.I. This really encapsulates the approach we are bringing to the market. Talking to people in the industry […]