Attack Techniques: RMM Abuse đź”—
After you sign up on the Social Security Administration’s website, they’ll send you a yearly email inviting you to check out your benefits. Flipping t [...]
text/plain
Posts
Understanding Defender AV Scans đź”—
Microsoft Defender Antivirus Defender is intended to operate silently in the background, without requiring any active attention from the user. Because [...]
Windows: Choose Where To Get Apps đź”—
Modern versions of Windows offer a setting named “Choose where to get apps” which can reduce attack surface by limiting the locations from which appli [...]
Winter 2026 Runs đź”—
I did a reasonably good job running on my treadmill throughout the fall of 2025, in preparation for my second summit of Mount Kilimanjaro over New Yea [...]
Security Software False Positives đź”—
Software developers and end-users are often interested in understanding how to resolve incorrect detections from their antivirus/security software, in [...]
Security Surfaces đź”—
An important concept in Usable Security is whether a given UI represents a “security surface.” Formally, a security surface is a User Interface compon [...]
Defensive Technology: Ransomware Data Recovery đź”—
In a prior installment we looked at Controlled Folder Access, a Windows feature designed to hamper ransomware attacks by preventing untrusted processe [...]
Windows Shell Previews – Restricted 🔗
Windows users who installed the October 2025 Security Updates may have noticed an unexpected change if they use the Windows Explorer preview pane. Whe [...]
An Improbable Recovery đź”—
Way back on May 11th of 2022, I was visiting my team (Edge browser) for the week in Redmond, Washington. On Wednesday night, I left my ThinkPad X1 Ext [...]
AI Injection Attacks đź”—
A hot infosec topic these days is “How can we prevent abuse of AI agents?” While AI introduces awesome new capabilities, it also entails an enormous s [...]