The guys who sign off on penetration tests are the C-Suite stakeholders and responsible PEs who actually own the risk, not the helpdesk leads or watch supervisors, and it's held close on a tight individualized 'need-to-know' basis. The contracting and coordination of a penetration test are kept...
I've spent my entire career in a risk adverse and image sensitive bureaucracy, and have often seen the lightbulb come on when someone sees the gaping hole that their career is jeopardized by. I routinely advocate and participate in red teaming and penetration testing endeavors. However, I...
UM was banned by the Linux foundation because they intentionally introduced vulnerabilities into the code repository that feeds all Linux distros, which provide the backbone for most web servers, and a growing number of PCs. This would be like an engineer intentionally creating a safety hazard...
I'd recommend that you post your program on github, or a similar site, which allows open source code review before download, and link to it. That gives everyone the reassurance that you're not just providing malware that will immediately compromise their system when it's downloaded...
The ransomware didn't affect the SCADA. It crippled the IT business processes of Colonial Pipeline's system. This was no Stuxnet, but just a simple off-the-self ransomware attack, that happened to smash an integral part of Colonial Pipeline's operations. Dragos put out this commentary about...
