Insights, information
and resourcesAND

Property Oriented Programming, or POP for short, chains are to object injection what ROP are to buffer overflows. Read about one here.

A short article on a WAF bypass.

Exploring logic exploitation and where it may take us. We examine 3 vulnerabilities and consider the future for this area of exploitation.

InfoSec has become a giant, marketing driven, bandwagon affair. However all is not lost, this talk will focus on 10 lessons that can be applied to your job (no matter what it is as long as its InfoSec related) that will help you do it better, stronger, faster etc…Providing information on topics such as: why does no one ever give me the funding I want and how do I get it? How can I do a useful penetration test? How do I build an effective security program that makes my job security 2+ years? And How do bad guys really think and how do I do that? OccamSec CEO Mark Stamford provides some tips on how to keep the organizations we work for secure, not lose our minds, and hopefully navigate the crazy.

Penetration Tests or Red Team? What are they? should you use them? if so, which one?

Vulnerability allows execution of any binary you want on macOS, bypassing the codesigning system.

The COVID-19 pandemic has caused hospital systems’ resources to be strained to the breaking point, and in some cases, beyond. Those who manage and use information systems need to take action now.

On October 8, 2020, OccamSec participated in a joint OWASP London and OWASP Suffolk meeting.

Establishing a beachhead is an important objective during many of our security assessments. To gain further access into an environment we need to get access to an Internet facing system, which can then be used to pivot into the network. The walkthrough below is a real life example, taken from one of our projects

Davin and Mike speak with John Quigg, advisor for OccamSec and Senior Advisor at Spurrier Capital Partners. The trio talk about supply chain, previous major breaches, and how to marry IT and Operations teams to make effective changes.

Mike and Davin are joined by John Kindervag, creator of Zero Trust for the Season 2 Premiere of Burned by the Firewall! The trio discuss how Zero Trust came to be, its fundamentals, and some common myths. For anyone who is concerned with their current deployments, or who is considering setting up new infrastructure, this episode is for you!

In our season finale, Mike and Davin are joined by Cynthia Boumann, Head of Global Audit at Dover Corporation. She share her insights on the universe of risk, living through the winter storm in Texas, and why there should be now be a larger conversation on infrastructure and resilience.