by Charles Herring | Dec 14, 2021 | blog, Security Breaches
Log4J/LogShell (CVE-2021-44228) exploit IOC have been published by Cisco Talos (see: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html). These IOC have been packaged as a WitFoo Actor definition and have been pushed to all production...
by Charles Herring | Dec 11, 2021 | blog
CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) was released on December 10, 2021 outlining a vulnerability in Apache Foundation project Log4j (https://logging.apache.org/log4j/2.x/index.html). This vulnerability can be used by a remote attacker to...
by Charles Herring | Nov 10, 2021 | InfoSec Craft, WitFoo Coding
My presentation for Metric Driven DevOps delivered at the 2021 Georgia ISSA Annual conference can be downloaded here. Abstract is below. METRIC DRIVEN DEVOPS Technical Level: AdvancedAudience: Data & System Architects, Developers Developing software that changes...
by Charles Herring | Oct 9, 2021 | blog, InfoSec Craft
I have been fortunate enough to have the opportunity to spend October on the Big Island of Hawai’i at a friend’s home while we button up the 6.2 release of Precinct. My wife and I were able to visit the Crater Overlook at Mount Kīlauea this week. Mount Kīlauea is the...
by Charles Herring | Sep 15, 2021 | blog, InfoSec Craft
Machine Learning Driven Social Engineering talk will be given at GrrCon on 9/16/2021 at 4:30pm. Abstract Machine learning (ML) is arguably the most potent advancement in technology since atomic fission with similar benefit and risk extremes. The outcome driven nature...
