Blockchain, enterprise security, and bypassing antivirus

Email update, 13 May 2018

Good morning.

A short one today. I have a longer post regarding Online Voting in the works (partly driven by my Thesis finally making it onto arXiv), but that will have to wait a few days.

In minor techie news, I’ve switched from AWS to using DigitalOcean for my cheap cloud server (the one I use to catch shells). I was previously on the AWS free tier, but after that expired I was looking for other options, and settled on DigitalOcean over both AWS and Azure. DigitalOcean’s pricing is far less anxiety-inducing—it’s a fixed price per month—and their control panel is easily the best interface of all three. If you’re after a cheap server, I’d give them a look.

Attack of the 50 Foot Blockchain

I finished this book last week, and I’d highly recommend it. It’s a bit haphazard in parts, which is understandable: writing about this sort of topic ages very quickly, so I imagine Gerard was rushed getting ink on paper before it was made obsolete.

Overall it’s an excellent book and essential reading for anyone who has to deal with cryptocurrencies, “blockchain technology”, or clients asking about either (which is too many of you, you poor saps).

The Secure Developer podcast

I only discovered this podcast recently, and it’s now my second-favourite information security podcast after Risky Business. The below episode in particular is excellent, and well worth adding to your morning commute.

The Secure Developer #15, Enterprise Security with RedMonk’s James Governor

Evading anti-virus software

This one was sitting in my list of saved Instapaper articles for far too long. I finally found the time a few weekends ago, and I’m glad I got around to it.

AV Evasion: Lessons Learned

It’s almost four years old now—decades in infosec tradecraft terms—but it does a good job explaining the technical basis for a lot of antivirus software, and how to think about creating executable payloads which aren’t detected by common techniques. If you’re technically minded I strongly recommend reading all the way to the end. The last technique is very neat.